code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

Using unchecked{} where the underlying arithmetic can be determined to not overflow/underflow will save gas from skipping the built-in Solidity checks of compiler version >= 0.8.0.

Example 1: based on the control flow, we can determine that lastFee will always be less than block.timestamp and therefore we can use unchecked{} for their subtraction on Basket:L116 because there is no risk of underflow.  Example 2: Given the mints, we can be assured that totalSupply() >= startSupply and therefore the RHS on L124 will be <= ibRatio and therefore we can use unchecked{} for the calculation.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L116

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L124

Tools Used

Manual Analysis

Recommended Mitigation Steps

Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow

GalloDaSballo commented 2 years ago

Agree with finding

GalloDaSballo commented 2 years ago

Duplicate of #135

code-423n4 / 2021-09-defiprotocol-findings

Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow  #152

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

code-423n4 / 2021-09-defiprotocol-findings

Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow #152

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow  #152