search

code-423n4 / 2021-12-yetifinance-findings

0 stars 0 forks source link

Explicit initialization with zero not required #170

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

Explicit initialization with zero is not required for variable declaration because uints are 0 by default. Removing this will reduce contract size and save a bit of gas.

Proof of Concept

Instances:

ActivePool.sol:
  133:         for (uint i = 0; i < poolColl.tokens.length; i++) {
  167:         for (uint i = 0; i < _tokens.length; i++) {
  184:         for (uint i = 0; i < _tokens.length; i++) {

BorrowerOperations.sol:
   699:         for (uint256 i = 0; i < _tokensIn.length; i++) {
   737:         for (uint256 i = 0; i < len; i++) {
   873:         for (uint256 i = 0; i < _colls.length; i++) {
   890:         for (uint256 i = 0; i < arr.length; i++) {
   920:         for (uint256 i = 0; i < _colls1.length; i++) {
   921:             for (uint256 j = 0; j < _colls2.length; j++) {
   929:         for (uint256 i = 0; i < _colls.length; i++) {
  1061:         for (uint i = 0; i < _routers.length; i++) {
  1068:         for (uint i = 0; i < _indices.length - 1; i++) {

DefaultPool.sol:
   97:         for (uint256 i = 0; i < poolColl.tokens.length; i++) {
  133:         for (uint256 i = 0; i < _tokens.length; i++) {

HintHelpers.sol:
  139:         for (uint256 i = 0; i < colls.tokens.length; i++) {

MultiTroveGetter.sol:
   73:         for (uint idx = 0; idx < _startIdx; ++idx) {
   79:         for (uint idx = 0; idx < _count; ++idx) {
   90:         for (uint idx = 0; idx < _startIdx; ++idx) {
   96:         for (uint idx = 0; idx < _count; ++idx) {
  110:         for (uint i = 0; i < data.allColls.length; i++) {

StabilityPool.sol:
   562:         for (uint256 i = 0; i < _amountsAdded.length; i++) {
   588:         for (uint256 i = 0; i < _amountsAdded.length; i++) {
   592:         for (uint256 i = 0; i < _amountsAdded.length; i++) {
   628:         for (uint256 i = 0; i < _assets.length; i++) {
   720:         for (uint256 i = 0; i < assets.length; i++) {
   942:         for (uint256 i = 0; i < assets.length; i++) {
   994:             for (uint256 i = 0; i < colls.length; ++i) {
  1011:         for (uint256 i = 0; i < allColls.length; i++) {

TeamAllocation.sol:
  66:         for (uint i = 0; i < 7; i++) {

TroveManager.sol:
  234:         for (uint i = 0; i < _lowerHints.length; i++) {
  348:         for (uint i = 0; i < allColls.length; i++) {
  374:         for (uint i = 0; i < allColls.length; i++ ) {
  397:         for (uint i = 0; i < allColls.length; i++ ) {
  420:         for (uint i = 0; i < assets.length; i++) {
  460:         for (uint i = 0; i < borrowerColls.length; i++) {
  476:         for (uint i = 0; i < Troves[_borrower].colls.tokens.length; i++) {
  525:         for (uint i = 0; i < _tokens.length; i++) {
  582:         for (uint i = 0; i < allColls.length; i++) {
  603:         for (uint i = 0; i < _tokens.length; i++) {

TroveManagerLiquidations.sol:
  394:         for (uint256 i = 0; i < vars.collToLiquidate.tokens.length; i++) {
  475:         for (uint256 i = 0; i < vars.collToLiquidate.tokens.length; i++) {
  701:             for (uint256 i = 0; i < _collsToLiquidate.tokens.length; i++) {
  721:             for (uint256 i = 0; i < _collsToLiquidate.tokens.length; i++) {
  808:         for (uint i = 0; i < _troveTokens.length; i++) {
  840:         for (uint i = 0; i < _colls.tokens.length; i++) {

TroveManagerRedemptions.sol:
  304:         for (uint256 i = 0; i < colls.tokens.length; i++) {
  367:             for (uint256 i = 0; i < colls.tokens.length; i++) {
  516:         uint256 total = 0;
  517:         for (uint256 i = 0; i < coll.amounts.length; i++) {

Dependencies\LiquityBase.sol:
   34:     // uint constant public MIN_NET_DEBT = 0; 
   63:         for (uint i = 0; i < _coll.tokens.length; i++) {
   97:         for (uint i = 0; i < _tokens.length; i++) {
  106:         for (uint i = 0; i < _colls.tokens.length; i++) {
  115:         for (uint i = 0; i < _colls.tokens.length; i++) {
  149:         for (uint i = 0; i < tokens.length; i++) {
  158:         for (uint i = 0; i < coll.tokens.length; i++) {
  168:         for (uint i = 0; i < _coll.tokens.length; i++) {

Dependencies\YetiCustomBase.sol:
   35:         uint256 n = 0;
   36:         for (uint256 i = 0; i < _coll1.tokens.length; i++) {
   44:         for (uint256 i = 0; i < _coll2.tokens.length; i++) {
   56:         uint256 j = 0;
   59:         for (uint256 i = 0; i < coll3.tokens.length; i++) {
  104:         for (uint256 i = 0; i < _tokens.length; i++) {
  122:         for (uint256 i = 0; i < _subTokens.length; i++) {
  142:         uint256 n = 0;
  144:         for (uint256 i = 0; i < _coll1.tokens.length; i++) {
  152:         for (uint256 i = 0; i < _tokens.length; i++) {
  163:         uint256 j = 0;
  165:         for (uint256 i = 0; i < coll3.tokens.length; i++) {
  178:         for (uint i = 0; i < _arr.length; i++) {

LPRewards\Pool2Unipool.sol:
  80:     uint256 public periodFinish = 0;
  81:     uint256 public rewardRate = 0;

LPRewards\Unipool.sol:
  80:     uint256 public periodFinish = 0;
  81:     uint256 public rewardRate = 0;

YETI\BoringCrypto\BoringBatchable.sol:
  37:         for (uint256 i = 0; i < calls.length; i++) {

YETI\BoringCrypto\BoringERC20.sol:
  19:             uint8 i = 0;

Tools Used

Manual Analysis

Recommended Mitigation Steps

Remove explicit initialization with zero.

kingyetifinance commented 2 years ago

Duplicate #13

alcueca commented 2 years ago

Taking as main