Kuiper contest - ye0lde's results

Automated portfolio protocol.

General Information

Platform: Code4rena

Start Date: 08/12/2021

Pot Size: $30,000 ETH

Total HM: 12

Participants: 26

Period: 3 days

Judge: leastwood

Total Solo HM: 9

Id: 65

League: ETH

Kuiper

Findings Distribution

Researcher Performance

Rank: 13/26

Findings: 2

Award: $54.23

🌟 Selected for report: 2

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Kuiper

Findings Information

🌟 Selected for report: GiveMeTestEther

Also found by: Jujic, TomFrenchBlockchain, WatchPug, gzeon, kenzo, sirhashalot, ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

2.4482 USDC - $2.45

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

A variable is being assigned its default value in the constructor which is unnecessary. Removing the assignment will save gas when deploying.

Proof of Concept

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L22

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Remove line #22

#0 - 0xleastwood
2022-03-27T22:47:53Z

Duplicate of #45

Findings Information

🌟 Selected for report: 0x0x0x

Also found by: ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

18.4266 USDC - $18.43

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

Gas savings and code clarity

Proof of Concept

Below are several occurrences of comparison with literal boolean values of true or false: https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Auction.sol#L37

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L92 https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L259

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Use the compared expression itself in place of comparison with a boolean literal. The expression can be replaced as is when the expression is expected to evaluate to true and negation can be used when the expression is expected to have a false value.

#0 - 0xleastwood
2022-03-27T23:01:31Z

Duplicate of #138

Findings Information

🌟 Selected for report: ye0lde

Also found by: neslinesli93

Labels

bug

G (Gas Optimization)

Awards

18.4266 USDC - $18.43

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

Reducing redundant code and state variable references can reduce gas usage and improve code clarity.

Proof of Concept

The changePublisher function: https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L157-L173

I suggest this refactoring:

    function changePublisher(address newPublisher) onlyPublisher public override {
        require(newPublisher != address(0));

        if (pendingPublisher.publisher != address(0) && pendingPublisher.publisher == newPublisher) {
            require(block.timestamp >= pendingPublisher.timestamp + TIMELOCK_DURATION);
            pendingPublisher.publisher = address(0);
            emit ChangedPublisher(publisher = newPublisher);  
        } else {
            pendingPublisher.timestamp = block.timestamp;
            emit NewPublisherSubmitted(pendingPublisher.publisher = newPublisher);  
        }
    }

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

See POC for details.

Findings Information

🌟 Selected for report: ye0lde

Also found by: GiveMeTestEther, WatchPug, kenzo

Labels

bug

G (Gas Optimization)

Awards

7.4628 USDC - $7.46

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

Eliminating intermediate variables and reducing state variable references can reduce gas usage and improve code clarity.

Proof of Concept

The handleFees function is here: https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L148-L151

I suggest this refactoring for #L148-L151:

		emit NewIBRatio(ibRatio = ibRatio * startSupply / totalSupply());

The updateIBRatio function is here: https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L266-L272

I suggest this refactoring:

    function updateIBRatio(uint256 newRatio) onlyAuction external override returns (uint256) {

        emit NewIBRatio(ibRatio = newRatio);

        return newRatio; 
    }

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

See POC for details.

Kuiper contest - ye0lde's results

Automated portfolio protocol.

General Information

Findings Distribution

Researcher Performance

External Links

Gas Report - $54.23

Gas Report - $54.23

[G-02] "> 0" is less efficient than "!= 0" for unsigned integers - $7.46

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xleastwood2022-03-27T10:26:47Z

[G-13] Assignment Of Variable To Default in the constructor - $2.45

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xleastwood2022-03-27T22:47:53Z

[G-04] Comparison with literal boolean values - $18.43

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xleastwood2022-03-27T23:01:31Z

🌟 [G-39] Function changePublisher, changeLicenseFee, and setNewMaxSupply can be refactored for efficiency and clarity - $18.43

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

🌟 [G-16] Function handleFees #L148-L151 and updateIBRatio (Basket.sol) can be refactored for efficiency and clarity - $7.46

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xleastwood
2022-03-27T10:26:47Z

#0 - 0xleastwood
2022-03-27T22:47:53Z

#0 - 0xleastwood
2022-03-27T23:01:31Z