Platform: Code4rena
Start Date: 25/11/2021
Pot Size: $80,000 USDC
Total HM: 35
Participants: 32
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 27
Id: 59
League: ETH
Rank: 16/32
Findings: 3
Award: $761.02
Selected for report: 4
Solo Findings: 0
Selected for report: thank_you
Also found by: 0x0x0x, Koustre, Meta0xNull, WatchPug, cmichel, defsec, harleythedog, hyh, leastwood, pauliax, pmerkleplant, tabish, xYrYuYx
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L150
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L160
Currently the amountOutMin value is 0. This will lead to buying less Malt due to frontrun bots.
Manual
Add an amountOutMin value in the buyMalt function.
#0 - 0xScotch
2021-12-10T00:17:25Z
#219
#1 - GalloDaSballo
2022-01-09T22:14:57Z
Duplicate of #219
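As an added illustration of the mitigation recommended above (example code, not the project's UniswapHandler.sol), the handler below lets the caller pass an expected quote and a slippage tolerance and derives a non-zero amountOutMin from them. The contract, token names and constructor layout are hypothetical; the router interface is Uniswap V2's swapExactTokensForTokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interfaces; only the functions the example calls.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IUniswapV2Router02 {
    function swapExactTokensForTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path, address to, uint256 deadline
    ) external returns (uint256[] memory amounts);
}

// Hypothetical handler, not UniswapHandler.sol itself.
contract SlippageGuardedHandler {
    uint256 public constant BPS = 10_000;
    IUniswapV2Router02 public immutable router;
    address public immutable rewardToken; // token spent (assumed name)
    address public immutable malt;        // token bought

    constructor(address _router, address _rewardToken, address _malt) {
        router = IUniswapV2Router02(_router);
        rewardToken = _rewardToken;
        malt = _malt;
    }

    // The weak version in the finding passes amountOutMin = 0, so any output is
    // accepted. Here the caller passes a quote obtained before the transaction
    // (off-chain or from a TWAP oracle) plus a tolerance in basis points, and the
    // router reverts if execution falls below the floor. Calling getAmountsOut in
    // the same transaction would not help: that quote already reflects the pool state.
    function buyMalt(uint256 amountIn, uint256 expectedOut, uint256 maxSlippageBps, uint256 deadline)
        external returns (uint256 received)
    {
        require(maxSlippageBps < BPS, "slippage must be below 100%");
        uint256 amountOutMin = (expectedOut * (BPS - maxSlippageBps)) / BPS;
        require(amountOutMin > 0, "amountOutMin must be non-zero");
        IERC20(rewardToken).transferFrom(msg.sender, address(this), amountIn);
        IERC20(rewardToken).approve(address(router), amountIn);
        address[] memory path = new address[](2);
        path[0] = rewardToken;
        path[1] = malt;
        uint256[] memory amounts =
            router.swapExactTokensForTokens(amountIn, amountOutMin, path, msg.sender, deadline);
        received = amounts[amounts.length - 1];
    }
}
```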
Selected for report: xYrYuYx
56.5245 USDC - $56.52
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/StabilizerNode.sol#L167
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/StabilizerNode.sol#L219
Before calling the _distributeSupply function, it already gets priceTarget, but inside _distributeSupply it makes another external call to get the price target. This uses more gas.
Manual
Pass the price target as a _distributeSupply() function argument, and please review all duplicated external calls and optimize them.
#0 - GalloDaSballo
2021-12-28T14:00:40Z
Finding is valid, solution could be by using value as parameter, or putting the if check in the internal function (which allows caching the priceTarget to memory)
Selected for report: xYrYuYx
56.5245 USDC - $56.52
xYrYuYx
The costBasis() function in SwingTrader.sol returns cost and decimals, but the decimals variable is not used anywhere inside the contract.
Manual
Re-check whether decimals is required, and remove it if it's not required.
#0 - 0xScotch
2021-12-07T18:00:45Z
May not be used right now but could be useful to have in the future.
#1 - GalloDaSballo
2021-12-30T16:13:21Z
Finding is valid, if the sponsor has a plan for using it, then a no-fix is fine
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L102
If maxAmount is greater than totalMaltBalance, we also need to set deployedCapital to 0.
Manual
Change maxAmount != totalMaltBalance to maxAmount < totalMaltBalance
#0 - 0xScotch
2021-12-08T14:18:08Z
#357
#1 - GalloDaSballo
2022-01-26T13:31:32Z
Duplicate of #357
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L170
_profitCut is of type uint256, so it is always greater than or equal to 0. So it is fine to remove _profitCut >= 0.
Manual
Change require(_profitCut >= 0 && _profitCut <= 1000, "Must be between 0 and 100%");
to require(_profitCut <= 1000, "Must be between 0 and 100%");
#0 - 0xScotch
2021-12-08T18:15:48Z
#309
Selected for report: xYrYuYx
56.5245 USDC - $56.52
xYrYuYx
In the removeVerifier function, it loops up to last index - 1 to find the source index. If many verifiers have been added, the gas cost of removeVerifier will be very high, and it can also revert due to the gas limit.
Manual
Store the index of the address in the addVerifier function, remove the loop in removeVerifier, and use the stored index.
#0 - GalloDaSballo
2021-12-30T16:59:10Z
Agree with the finding
15.2616 USDC - $15.26
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/AbstractRewardMine.sol#L29
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/AbstractRewardMine.sol#L39
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L29
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L47
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L54
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L71
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L169
These functions are externally called functions which are not used internally, so we can use the external keyword instead of public to reduce gas.
Manual
Change the public keyword to external.
#0 - 0xScotch
2021-12-10T17:50:09Z
#163
15.2616 USDC - $15.26
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L109
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L110
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L156
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/SwingTrader.sol#L149
There are too many external calls to get decimals. The collateral token and Malt token are immutable values, and their decimals are also constant. So if you store these tokens' decimals in the initialize function, you can reduce gas in the other functions.
Manual
Store the token decimals in the initialize function and use the stored decimals in the other functions.
#0 - 0xScotch
2021-12-08T18:29:18Z
#371
#1 - GalloDaSballo
2021-12-30T16:56:54Z
Duplicate of #371
Selected for report: xYrYuYx
367.919 USDC - $367.92
xYrYuYx
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L62
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/TransferService.sol#L78
In the addVerifier and removeVerifier functions of TransferService.sol, it just returns instead of reverting if it is unable to change the data. Revert the transaction to avoid creating an unnecessary transaction and to save transaction cost.
Manual
Revert the transaction instead of returning.
#0 - GalloDaSballo
2022-01-18T14:39:02Z
Not a fan of the dogmatic idea of revert if no change. But the sponsor confirms so we'll allow
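The two TransferService findings above (the O(n) scan in removeVerifier, and returning instead of reverting on a no-op) can be addressed together. The registry below is an added example, not the project's TransferService.sol: it records each verifier's position at add time so removal is a constant-cost swap-and-pop, and it reverts when nothing would change. The contract name, admin check and events are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical registry, not TransferService.sol itself.
contract VerifierRegistry {
    address public immutable admin;
    address[] public verifiers;
    // Stored position of each verifier, offset by one so that 0 means "not present".
    mapping(address => uint256) private indexPlusOne;

    event VerifierAdded(address indexed verifier);
    event VerifierRemoved(address indexed verifier);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function addVerifier(address v) external onlyAdmin {
        require(v != address(0), "zero address");
        // Revert instead of silently returning: the caller gets an explicit error
        // rather than paying for a transaction that changed nothing.
        require(indexPlusOne[v] == 0, "already a verifier");
        verifiers.push(v);
        indexPlusOne[v] = verifiers.length; // 1-based index recorded at add time
        emit VerifierAdded(v);
    }

    // O(1) removal: look up the stored index and swap-and-pop instead of scanning
    // the array. Note that this changes the order of the remaining verifiers.
    function removeVerifier(address v) external onlyAdmin {
        uint256 plusOne = indexPlusOne[v];
        require(plusOne != 0, "not a verifier");
        uint256 idx = plusOne - 1;
        uint256 last = verifiers.length - 1;
        if (idx != last) {
            address moved = verifiers[last];
            verifiers[idx] = moved;
            indexPlusOne[moved] = idx + 1; // keep the moved entry's stored index current
        }
        verifiers.pop();
        delete indexPlusOne[v];
        emit VerifierRemoved(v);
    }
}
```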