code-423n4 / 2021-08-floatcapital-findings


Pass time delta into internal functions #42

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xImpostor

Vulnerability details

Impact

Small gas optimization if you pass the time delta into _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot and _calculateNewCumulativeIssuancePerStakedSynth

Proof of Concept

https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L635

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L635
// timeDelta is computed once here and passed down to the internal functions.
uint256 timeDelta = _calculateTimeDeltaFromLastAccumulativeIssuancePerStakedSynthSnapshot(marketIndex);
if (timeDelta > 0) {
  _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot(
    marketIndex,
    longPrice,
    shortPrice,
    longValue,
    shortValue,
    timeDelta
  );
}

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L567
function _setCurrentAccumulativeIssuancePerStakeStakedSynthSnapshot(
  uint32 marketIndex,
  uint256 longPrice,
  uint256 shortPrice,
  uint256 longValue,
  uint256 shortValue,
  uint256 timeDelta // received from the caller
) internal virtual {
  (
    uint256 newLongAccumulativeValue,
    uint256 newShortAccumulativeValue
  ) = _calculateNewCumulativeIssuancePerStakedSynth(marketIndex, longPrice, shortPrice, longValue, shortValue, timeDelta);
  ...
}

// https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/Staker.sol#L531
function _calculateNewCumulativeIssuancePerStakedSynth(
  uint32 marketIndex,
  uint256 longPrice,
  uint256 shortPrice,
  uint256 longValue,
  uint256 shortValue,
  uint256 timeDelta // received from the caller
) internal view virtual returns (uint256 longCumulativeRates, uint256 shortCumulativeRates) {
  // Compute the current 'r' value for float issuance per second.
  (uint256 longFloatPerSecond, uint256 shortFloatPerSecond) = _calculateFloatPerSecond(
    marketIndex,
    longPrice,
    shortPrice,
    longValue,
    shortValue
  );
  ...
}

Tools Used

manual analysis

JasoonS commented 2 years ago

I believe it is unfair game to award bounty for this. It is written on the line above. All wardens who read the contracts saw this.

JasoonS commented 2 years ago

https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/Staker.sol#L634 (the comment that was there before the code was released)

0xean commented 2 years ago

Awarding to warden based on the fact that they are being asked to review the current code base for gas optimizations and even if this optimization was commented, it wasn't implemented.