Back to z3s's contests

AbraNFT contest - z3s's results

A peer to peer lending platform, using NFTs as collateral.

General Information

Platform: Code4rena

Start Date: 27/04/2022

Pot Size: $50,000 MIM

Total HM: 6

Participants: 59

Period: 5 days

Judge: 0xean

Id: 113

League: ETH

Abracadabra Money

Findings Distribution

Researcher Performance

Rank: 25/59

Findings: 2

Award: $144.37

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAbracadabra Money

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s

Awards

89.9424 MIM - $89.94

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Non Critical

[N01] Typos in comments:

change excesss to excess:

NFTPair.sol
  90,56:     // Track assets we own. Used to allow skimming the excesss.

NFTPairWithOracle.sol
  107,56:     // Track assets we own. Used to allow skimming the excesss.

change calculateIntest to calculateInterest:

NFTPair.sol
  114,9:     // `calculateIntest`.

NFTPairWithOracle.sol
  131,9:     // `calculateIntest`.

change initialised to initialized:

NFTPair.sol
  168,39:     /// @notice Subsequent clones are initialised via `init`.

NFTPairWithOracle.sol
  185,39:     /// @notice Subsequent clones are initialised via `init`.

change transfered to transferred:

NFTPair.sol
  233,56:     /// @param skim True if the token has already been transfered
  320,49:     /// @param skim True if the funds have been transfered to the contract
  351,71:     /// @param skimCollateral True if the collateral has already been transfered
  394,54:     /// @param skimFunds True if the funds have been transfered to the contract

NFTPairWithOracle.sol
  253,56:     /// @param skim True if the token has already been transfered
  355,49:     /// @param skim True if the funds have been transfered to the contract
  386,71:     /// @param skimCollateral True if the collateral has already been transfered
  428,54:     /// @param skimFunds True if the funds have been transfered to the contract

change commited to committed:

NFTPair.sol
  389,44:     /// @notice Take collateral from a pre-commited borrower and lend against it

NFTPairWithOracle.sol
  423,44:     /// @notice Take collateral from a pre-commited borrower and lend against it

change inquality to inequality:

NFTPair.sol
  434,22:     /// of the above inquality) fits in 128 bits, then the function is

NFTPairWithOracle.sol
  467,22:     /// of the above inquality) fits in 128 bits, then the function is

#0 - cryptolyndon

2022-05-13T05:11:52Z

(seen)

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s

Awards

54.4297 MIM - $54.43

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas Optimizations

[G01] In updateLoanParams() change memory to storage:

gas savings:

  • 28328 in NFTPair Deployments
  • 901 in updateLoanParams()
NFTPair.sol:182
    - TokenLoan memory loan = tokenLoan[tokenId];
    + TokenLoan storage loan = tokenLoan[tokenId];

NFTPair.sol:187
    - TokenLoanParams memory cur = tokenLoanParams[tokenId];
    + TokenLoanParams storage cur = tokenLoanParams[tokenId];

Do same in NFTPairWithOracle.sol.

[G02] In removeCollateral() change memory to storage then cache load.status:

gas savings:

  • 14068 in NFTPair Deployments
  • 284 in removeCollateral()

change:

function removeCollateral(uint256 tokenId, address to) public {
    TokenLoan memory loan = tokenLoan[tokenId];
    if (loan.status == LOAN_REQUESTED) {
        // We are withdrawing collateral that is not in use:
        require(msg.sender == loan.borrower, "NFTPair: not the borrower");
    } else if (loan.status == LOAN_OUTSTANDING) {
        // We are seizing collateral as the lender. The loan has to be
        // expired and not paid off:
        require(to == loan.lender, "NFTPair: not the lender");
        require(
            // Addition is safe: both summands are smaller than 256 bits
            uint256(loan.startTime) + tokenLoanParams[tokenId].duration <= block.timestamp,
            "NFTPair: not expired"
        );
    }
    // If there somehow is collateral but no accompanying loan, then anyone
    // can claim it by first requesting a loan with `skim` set to true, and
    // then withdrawing. So we might as well allow it here..
    delete tokenLoan[tokenId];
    collateral.transferFrom(address(this), to, tokenId);
    emit LogRemoveCollateral(tokenId, to);
}

to:

function removeCollateral(uint256 tokenId, address to) public {
    TokenLoan storage loan = tokenLoan[tokenId];
    uint8 loanStatus = loan.status;
    if (loanStatus == LOAN_REQUESTED) {
        // We are withdrawing collateral that is not in use:
        require(msg.sender == loan.borrower, "NFTPair: not the borrower");
    } else if (loanStatus == LOAN_OUTSTANDING) {
        // We are seizing collateral as the lender. The loan has to be
        // expired and not paid off:
        require(to == loan.lender, "NFTPair: not the lender");
        require(
            // Addition is safe: both summands are smaller than 256 bits
            uint256(loan.startTime) + tokenLoanParams[tokenId].duration <= block.timestamp,
            "NFTPair: not expired"
        );
    }
    // If there somehow is collateral but no accompanying loan, then anyone
    // can claim it by first requesting a loan with `skim` set to true, and
    // then withdrawing. So we might as well allow it here..
    delete tokenLoan[tokenId];
    collateral.transferFrom(address(this), to, tokenId);
    emit LogRemoveCollateral(tokenId, to);
}

Do same in NFTPairWithOracle.sol.

[G03] In _lend() save SLOAD by caching asset:

gas savings:

  • 1320 in NFTPair Deployments
  • 205 in lend()
  • 210 in requestAndBorrow()
  • 204 in takeCollateralAndLend()
+ IERC20 assetCache = asset;

change assets with assetCache

Do same in NFTPairWithOracle.sol.

[G04] In repay() save SLOAD by caching asset:

gas savings:

  • 420 in NFTPair Deployments
  • 304 in repay()
+ IERC20 assetCache = asset;

change assets with assetCache

Do same in NFTPairWithOracle.sol.

#0 - cryptolyndon

2022-05-14T01:52:50Z

Seen, thanks

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter