Back to tnevler's contests

Olympus DAO contest - tnevler's results

Version 3 of Olympus protocol, a decentralized floating currency.

General Information

Platform: Code4rena

Start Date: 25/08/2022

Pot Size: $75,000 USDC

Total HM: 35

Participants: 147

Period: 7 days

Judge: 0xean

Total Solo HM: 15

Id: 156

League: ETH

Olympus DAO

Findings Distribution

Researcher Performance

Rank: 79/147

Findings: 2

Award: $86.91

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryOlympus DAO

Findings Information

🌟 Selected for report: zzzitron

Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas

Awards

54.3129 DAI - $54.31

Labels

bug
QA (Quality Assurance)
sponsor confirmed

External Links

Link to GitHub issue

Low Risk and Non-Critical Issues

Low Risk

[L-01]: Missing check

Context:

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/modules/PRICE.sol#L79

Description:

Missing check that observationFrequency_ not equal to zero.

For example, there is a check that observationFrequency_ not equal to zero here.

Constructor will not indicate Price_InvalidParams() error without that check.

Recommendation:

Change to:

if (observationFrequency_ == 0 || movingAverageDuration_ == 0 || movingAverageDuration_ % observationFrequency_ != 0)

Non-Critical Issues

[N-01]: Constants instead of unknown variables

Context:

Description:

Use constant variables to make the code easier to understand and maintain.

Recommendation:

Define constants instead of unknown variables.

[N-02]: Public function can be external

Context:

Description:

Public functions can be declared external if they are not called by the contract.

Recommendation:

Declare these functions as external instead of public.

Findings Information

🌟 Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami

Awards

32.597 DAI - $32.60

Labels

bug
G (Gas Optimization)
sponsor confirmed
edited-by-warden

External Links

Link to GitHub issue

Report

Gas Optimizations

[G-01]: Use new variable instead of reading array length in every loop of a for-loop

Context:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/Governance.sol#L278

Description:

If you read the length of the array at each iteration of the loop, this consumes a lot of gas.

Recommendation:

Store the array’s length in a variable before the for-loop, and use this new variable in the loop.

[G-02]: variable can be immutable

Context:

https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/BondCallback.sol#L32

Description:

Variable is set in the constructor and never modified after that.

Recommendation:

It is more gas efficient to mark it as immutable.

[G-03]: X += Y costs more gas than X = X + Y

**Context: **

Recommendation:

Change X += Y (X -= Y) to X = X + Y (X = X - Y).

[G-04]: i++ costs more gas than ++i

Context:

Recommendation:

Change i++ (i--) to ++i (--i).

[G-05]: Don't initialize variable with its default value

Context:

Description:

Default value of uint is 0. It's unnecessary and costs more gas to initialize uint variavles to 0.

Recommendation:

Change uint256 i = 0; to uint256 i;

[G-06]: >0 costs more gas than !=0

Context:

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L247

Description:

uint256 is a unsigned integer.

userVotesForProposal[activeProposal.proposalId][msg.sender] will never be less than 0.

Recommendation:

Change to

if (userVotesForProposal[activeProposal.proposalId][msg.sender] != 0) {
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter