ElasticSwap contest - ye0lde's results

The first AMM for Elastic Supply Tokens.

General Information

Platform: Code4rena

Start Date: 20/01/2022

Pot Size: $50,000 USDC

Total HM: 3

Participants: 35

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 2

Id: 77

League: ETH

ElasticSwap

Findings Distribution

Researcher Performance

Rank: 17/35

Findings: 2

Award: $75.84

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository ElasticSwap

Findings Information

🌟 Selected for report: WatchPug

Also found by: ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

47.9414 USDC - $47.94

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

A struct is being assigned its default value which is unnecessary. Removing the assignment will save gas when deploying.

Proof of Concept

https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/contracts/Exchange.sol#L27-L28

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Remove the assignment.

Or if you feel it is important to show the default assignment will occur then replace the assignments with a comment.

I suggest the following:

Change this:

    MathLib.InternalBalances public internalBalances =   
        MathLib.InternalBalances(0, 0, 0);

to something like:

    MathLib.InternalBalances public internalBalances;      // Tracking x*y=k with x=0, y=0, k=0 initially

#0 - 0xean
2022-01-31T14:15:46Z

dupe of #158

Findings Information

🌟 Selected for report: pauliax

Also found by: Dravee, Jujic, OriDabush, Tomio, WatchPug, defsec, gzeon, ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

5.0956 USDC - $5.10

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

Redundant arithmetic underflow/overflow checks can be avoided when an underflow/overflow cannot happen.

Proof of Concept

The "unchecked" keyword can be applied to these since there is an if statement before to ensure the arithmetic operations would not cause an integer underflow or overflow.

https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/contracts/Exchange.sol#L224-L229

Change the code at 224 to:

        unchecked {
            // We should ensure no possible overflow here.           
            if (quoteTokenQtyToReturn > internalBalances.quoteTokenReserveQty) {
                internalBalances.quoteTokenReserveQty = 0;
            } else {
                internalBalances.quoteTokenReserveQty -= quoteTokenQtyToReturn;
            }
        }

https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L75-L78

Change the code at 75 to:

        unchecked {
            if (a >= b) {
                return a - b;
            }
            return b - a;
        }

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Add the "unchecked" keyword as shown above.

#0 - 0xean
2022-01-31T13:54:48Z

dupe of #177

Findings Information

🌟 Selected for report: WatchPug

Also found by: Dravee, robee, ye0lde

Labels

bug

duplicate

G (Gas Optimization)

Awards

19.4163 USDC - $19.42

External Links

Link to GitHub issue

Handle

ye0lde

Vulnerability details

Impact

Using the existing named returns more efficiently can reduce gas usage and improve code clarity.

Proof of Concept

These functions have named return variables and don't need explicit return statements at the end.

I suggest deleting the following explicit returns: https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L282 https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L362

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

See POC

#0 - 0xean
2022-01-31T14:27:01Z

dupe of #151

ElasticSwap contest - ye0lde's results

The first AMM for Elastic Supply Tokens.

General Information

Findings Distribution

Researcher Performance

External Links

Gas Report - $75.84

Gas Report - $75.84

[G-01] Long revert strings - $3.38

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xean2022-01-31T14:08:36Z

[G-04] Assignment Of Variables To Default - $47.94

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xean2022-01-31T14:15:46Z

[G-03] Save Gas With The Unchecked Keyword - $5.10

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xean2022-01-31T13:54:48Z

[G-02] Redundant Explicit Returns - $19.42

Findings Information

Labels

Awards

External Links

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - 0xean2022-01-31T14:27:01Z

#0 - 0xean
2022-01-31T14:08:36Z

#0 - 0xean
2022-01-31T14:15:46Z

#0 - 0xean
2022-01-31T13:54:48Z

#0 - 0xean
2022-01-31T14:27:01Z