Phuture Finance contest - windhustler's results

File: PhutureIndex.sol

function _chargeAUMFee(address _feePool) internal

Proof of Concept

Reading factory from storage two times. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhutureIndex.sol#L57 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhutureIndex.sol#L65

Recommended Mitigation Steps

Initialise temporary variable for factory after if(timePassed > 0) line:

uint _factory = factory;

File: IndexLogic.sol

function mint(address _recipient) external override

Proof of Concept

Reading various variables from storage multiple times.

assets inside for (uint i; i < assets.length(); ++i) accessed on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L39

assets.at(i) accessed six times on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L40 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L41 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L44 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L47 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L48 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L49

weightOf[assets.at(i)] accessed two times on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L41 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L49

inactiveAssets inside for (uint i; i < inactiveAssets.length(); ++i) accessed on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L60

inactiveAssets.at(i) accessed three times on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L61 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L63

totalSupply() accessed two times on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L63 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L63

Recommended Mitigation Steps

Break down the logic inside the mint function into several smaller functions and for each of the storage variables mentioned above initialize a temporary variable.

File: IndexLogic.sol

function burn(address _recipient) external override

Proof of Concept

Reading various variables from storage multiple times.

inactiveAssets inside for (uint i; i < length + inactiveAssets.length(); ++i) accessed on each loop iteration. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L125

totalSupply() accessed three times. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L125 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L142

Recommended Mitigation Steps

Break down the logic inside the burn function into several smaller functions and for each of the storage variables mentioned above initialize a temporary variable.

File: UniswapV2PriceOracle.sol

function refreshedAssetPerBaseInUQ(address _asset) external override returns (uint)

Proof of Concept

Potentially unnecessary reading of price0Cumulative and price1Cumulative variables from storage in case the time elapsed is less than MIN_UPDATE_INTERVAL. https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/UniswapV2PriceOracle.sol#L62

Recommended Mitigation Steps

First get the blockTimestamp to calculate the timeElapsed and move fetching of the price0Cumulative and price1Cumulative after the if clause if (timeElapsed >= MIN_UPDATE_INTERVAL). This requires a change in UniswapV2OracleLibrary which should accept a blockTimestamp as an additional parameter.