Back to sryysryy's contests

Fraxlend (Frax Finance) contest - sryysryy's results

Fraxlend: A permissionless lending platform and the final piece of the Frax Finance Defi Trinity.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $50,000 USDC

Total HM: 15

Participants: 120

Period: 5 days

Judge: Justin Goro

Total Solo HM: 6

Id: 153

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 72/120

Findings: 2

Award: $67.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

🌟 Selected for report: 0x1f8b

Also found by: 0x52, 0xA5DF, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xmatt, 0xsolstars, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, EthLedger, Funen, IllIllI, JC, Junnon, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, SaharAP, Sm4rty, SooYa, The_GUILD, TomJ, Waze, Yiko, _Adam, __141345__, a12jmx, ak1, asutorufos, auditor0517, ayeslick, ballx, beelzebufo, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, cccz, cryptonue, cryptphi, d3e4, delfin454000, dipp, djxploit, durianSausage, dy, erictee, fatherOfBlocks, gogo, gzeon, hyh, ignacio, kyteg, ladboy233, medikko, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, simon135, sryysryy, tabish, yac, yash90, zzzitron

Awards

45.8349 USDC - $45.83

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

[N-01] NON-LIBRARY/INTERFACE FILES SHOULD USE FIXED COMPILER VERSIONS, NOT FLOATING ONES

There are 7 instances of this issue:

contracts/FraxlendPair.sol::2            pragma solidity ^0.8.15;
contracts/FraxlendPairConstants.sol::2   pragma solidity ^0.8.15;
contracts/FraxlendPairCore.sol::2        pragma solidity ^0.8.15;
contracts/FraxlendPairDeployer.sol::2    pragma solidity ^0.8.15;
contracts/FraxlendWhitelist.sol::2       pragma solidity ^0.8.15;
contracts/LinearInterestRate.sol::2      pragma solidity ^0.8.15;
contracts/VariableInterestRate.sol::2    pragma solidity ^0.8.15;

https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPair.sol#L2 https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairConstants.sol#L2 https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairCore.sol#L2 https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/FraxlendPairDeployer.sol#L2 https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/LinearInterestRate.sol#L2 https://github.com/code-423n4/2022-08-frax/blob/main/src/contracts/VariableInterestRate.sol#L2

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw

Awards

21.1706 USDC - $21.17

Labels

bug
G (Gas Optimization)
edited-by-warden

External Links

Link to GitHub issue

[G-01] <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP

There are 8 instances of this issue:

File: contracts/FraxlendPair.sol
289:         for (uint256 i = 0; i < _lenders.length; i++) {
308:         for (uint256 i = 0; i < _borrowers.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L289 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L308

File: contracts/FraxlendPairCore.sol:
265:     for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
270:     for (uint256 i = 0; i < _approvedLenders.length; ++i) {
402:     for (uint256 i = 0; i < _lengthOfArray; ) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L265 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L270 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L402

File: contracts/FraxlendWhitelist.sol
51:     for (uint256 i = 0; i < _addresses.length; i++) {
66:     for (uint256 i = 0; i < _addresses.length; i++) {
81:     for (uint256 i = 0; i < _addresses.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L51 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L66 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L81

   

[G-02] USING > 0 COSTS MORE GAS THAN != 0 WHEN USED ON A UINT IN A REQUIRE() STATEMENT

This change saves 6 gas per instance

There is 1 instance of this issue:

File: contracts/LinearInterestRate.sol
65:        require(
66:            _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0,
67:            "LinearInterestRate: _vertexUtilization < MAX_VERTEX_UTIL && _vertexUtilization > 0"
68:        );

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/LinearInterestRate.sol#L65-L68    

[G-03] IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

There are 8 instances of this issue:

File: contracts/FraxlendPair.sol
289:          for (uint256 i = 0; i < _lenders.length; i++) {
308:          for (uint256 i = 0; i < _borrowers.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L289 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L308

File: contracts/FraxlendPairCore.sol
265:      for (uint256 i = 0; i < _approvedBorrowers.length; ++i) {
270:      for (uint256 i = 0; i < _approvedLenders.length; ++i) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L265 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L270

File: contracts/FraxlendPairDeployer.sol
402:  for (uint256 i = 0; i < _lengthOfArray; ) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairDeployer.sol#L402

File: contracts/FraxlendWhitelist.sol
51:      for (uint256 i = 0; i < _addresses.length; i++) {
66:      for (uint256 i = 0; i < _addresses.length; i++) {
81:      for (uint256 i = 0; i < _addresses.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L51 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L66 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L81

   

[G-04] ++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS (--I/I-- TOO)

Saves 6 gas PER LOOP

There are 7 instances of this issue:

File: contracts/FraxlendPair.sol
289:        for (uint256 i = 0; i < _lenders.length; i++) {
308:        for (uint256 i = 0; i < _borrowers.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L289 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L308

File: contracts/FraxlendPairDeployer.sol
127:        for (i = 0; i < _lengthOfArray; ) {
128:            _addresses[i] = deployedPairsByName[_deployedPairsArray[i]];
129:            unchecked {
130:                i++;
131:            }
132:        }


152:        for (i = 0; i < _lengthOfArray; ) {
153:            _pairCustomStatuses[i] = PairCustomStatus({
154:                _address: _addresses[i],
155:                _isCustom: deployedPairCustomStatusByAddress[_addresses[i]]
156:            });
157:            unchecked {
158:                i++;
159:            }
160:        }

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairDeployer.sol#L127-L132 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairDeployer.sol#L152-L160

File: contracts/FraxlendWhitelist.sol
51:        for (uint256 i = 0; i < _addresses.length; i++) {
66:        for (uint256 i = 0; i < _addresses.length; i++) {
81:        for (uint256 i = 0; i < _addresses.length; i++) {

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L51 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L66 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L81

   

[G-05] FUNCTIONS GUARANTEED TO REVERT WHEN CALLED BY NORMAL USERS CAN BE MARKED PAYABLE

If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided. The extra opcodes avoided are
CALLVALUE(2),DUP1(3),ISZERO(3),PUSH2(3),JUMPI(10),PUSH1(3),DUP1(3),REVERT(0),JUMPDEST(1),POP(2), which costs an average of about 21 gas per call to the function, in addition to the extra deployment cost

There are 5 instances of this issue:

File: contracts/FraxlendPair.sol
274:    function setSwapper(address _swapper, bool _approval) external onlyOwner {
275:        swappers[_swapper] = _approval;
276:        emit SetSwapper(_swapper, _approval);
277:    }

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPair.sol#L274-L277

File: contracts/FraxlendPairDeployer.sol
170:    function setCreationCode(bytes calldata _creationCode) external onlyOwner {
171:        bytes memory _firstHalf = BytesLib.slice(_creationCode, 0, 13000);
172:        contractAddress1 = SSTORE2.write(_firstHalf);
173:        if (_creationCode.length > 13000) {
174:            bytes memory _secondHalf = BytesLib.slice(_creationCode, 13000, _creationCode.length - 13000);
175:            contractAddress2 = SSTORE2.write(_secondHalf);
176:        }
177:    }

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairDeployer.sol#L170-L177

File: contracts/FraxlendWhitelist.sol
50:    function setOracleContractWhitelist(address[] calldata _addresses, bool _bool) external onlyOwner {
51:        for (uint256 i = 0; i < _addresses.length; i++) {
52:            oracleContractWhitelist[_addresses[i]] = _bool;
53:            emit SetOracleWhitelist(_addresses[i], _bool);
54:        }
55:    }

65:    function setRateContractWhitelist(address[] calldata _addresses, bool _bool) external onlyOwner {
66:        for (uint256 i = 0; i < _addresses.length; i++) {
67:            rateContractWhitelist[_addresses[i]] = _bool;
68:            emit SetRateContractWhitelist(_addresses[i], _bool);
69:        }
70:    }

80:    function setFraxlendDeployerWhitelist(address[] calldata _addresses, bool _bool) external onlyOwner {
81:        for (uint256 i = 0; i < _addresses.length; i++) {
82:            fraxlendDeployerWhitelist[_addresses[i]] = _bool;
83:            emit SetFraxlendDeployerWhitelist(_addresses[i], _bool);
84:        }
85:    }
86:}

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L50-L55 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L65-L70 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendWhitelist.sol#L80-L86

   

[G-06] <X> += <Y> COSTS MORE GAS THAN <X> = <X> + <Y> FOR STATE VARIABLES

There are 10 instances of this issue:

File: contracts/FraxlendPairCore.sol
475:                _totalBorrow.amount += uint128(_interestEarned);
476:                _totalAsset.amount += uint128(_interestEarned);
484:                    _totalAsset.shares += uint128(_feesShare);
566:        _totalAsset.amount += _amount;
567:        _totalAsset.shares += _shares;
718:        _totalBorrow.amount += _borrowAmount;
719:        _totalBorrow.shares += uint128(_sharesAdded);
724:        userBorrowShares[msg.sender] += _sharesAdded;
772:        userCollateralBalance[_borrower] += _collateralAmount;
773:        totalCollateral += _collateralAmount;

https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L475 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L476 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L484 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L566 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L567 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L718 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L719 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L724 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L772 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L773

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter