Canto Dex Oracle contest - tnevler's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 07/09/2022

Pot Size: $20,000 CANTO

Total HM: 7

Participants: 65

Period: 1 day

Judge: 0xean

Total Solo HM: 3

Id: 159

League: ETH

Canto

Researcher Performance

Rank: 57/65

Findings: 1

Award: $39.22

🌟 Selected for report: 0

🚀 Solo Findings: 0

Low Risk and Non-Critical Issues

Low Risk

[L-01]: Division by 0

Context:

return (reserveAverageCumulative0 / granularity, reserveAverageCumulative1 / granularity);

https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L234

return (totalSupplyCumulativeAvg / granularity);

https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L268

Description:

Input variable granularity can be zero. This will cause division by zero.

Recommendation:

Add a check at the beginning of both functions:

require(granularity > 0);

[L-02]: Check that input variables are not equal to 0

Context:

Description:

The input variables points and window can be equal to 0. In that case the BaseV1-core.sampleReserves and BaseV1-core.sampleSupply functions can return an array with length = 0, or an array with length = points that contains only zeros.

Recommendation:

Add a check at the beginning of both functions:

require(points > 0 && window > 0);
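The guards recommended in [L-01] and [L-02], shown in a minimal contract. This is an example added here, not code from the Canto repository: the contract AverageGuardExample, its sample and average functions, the stored data and the revert strings are hypothetical simplifications, with sample standing in for a sampling function such as sampleReserves or sampleSupply.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified model written for this example; not BaseV1-core.sol.
contract AverageGuardExample {
    uint[] internal observed; // constructed sample data

    constructor() {
        for (uint i = 1; i <= 8; ++i) {
            observed.push(i * 100);
        }
    }

    // Stand-in for a sampling function: returns `points` values, one every
    // `window` observations, ending at the newest observation.
    function sample(uint points, uint window) public view returns (uint[] memory out) {
        // [L-02] Reject inputs that would give an empty or all-zero result.
        require(points > 0 && window > 0, "points/window is zero");
        require(points * window <= observed.length, "not enough observations");
        out = new uint[](points);
        uint start = observed.length - points * window;
        for (uint i = 0; i < points; ++i) {
            out[i] = observed[start + (i + 1) * window - 1];
        }
    }

    // Stand-in for an averaging function that divides by `granularity`.
    function average(uint granularity) external view returns (uint) {
        // [L-01] Fail with a clear reason before any work is done. On Solidity
        // 0.8 and later `/ 0` reverts anyway, but with Panic(0x12) and no message.
        require(granularity > 0, "granularity is zero");
        uint[] memory values = sample(granularity, 1);
        uint sum;
        // [N-03] `granularity` equals values.length here, so it can bound the loop.
        for (uint i = 0; i < granularity; ++i) {
            sum += values[i];
        }
        return sum / granularity;
    }
}
```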

Non-Critical Issues

[N-01]: Use constants instead of literal values

Context:

Description:

Use constant variables to make the code easier to understand and maintain.

Recommendation:

Define constants for these literal values: 8, 1e18.

[N-02]: Wrong order of functions

Context:

Description:

According to the official Solidity documentation, functions should be grouped according to their visibility and ordered:

  • constructor

  • receive function (if exists)

  • fallback function (if exists)

  • external

  • public

  • internal

  • private

Recommendation:

Put the functions in the correct order according to the documentation.

[N-03]: Use input variable instead of reading array length in every loop of a for-loop

Context:

for (uint i = 0; i < _reserves0.length; ++i) {

https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L229

for (uint i = 0; i < _totalSupplyAvg.length; ++i) {

https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L264

Description:

granularity is equal to the length of the array.

Recommendation:

Change L229 and L264 to:

for (uint i = 0; i < granularity; ++i) {

[N-04]: Line is too long

Context:

observations.push(Observation(blockTimestamp, reserve0CumulativeLast, reserve1CumulativeLast, totalSupplyCumulativeLast));

https://github.com/code-423n4/2022-09-canto/blob/main/src/Swap/BaseV1-core.sol#L149

Description:

According to the official Solidity documentation, line lengths are recommended to be no greater than 79 (or 99) characters. L149 length is 122 characters.

Recommendation:

Reduce line length.
