Open code423n4 opened 2 years ago
require()
&&
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86
Recommended Mitigation Steps: Change to:
require(basePrice > 0, "ChainlinkPriceOracle: NEGATIVE"); require(quotePrice > 0, "ChainlinkPriceOracle: NEGATIVE");
========================================================================
.length()
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L39 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L60 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L38 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L50
uint length = assets.length(); for (uint i; i < length ; ++i) {
!=
>
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L76 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L86 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L98
require(lastAssetBalanceInBase != 0, "Index: INSUFFICIENT_AMOUNT");
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L30
for (uint i; i < _assets.length;) { address asset = _assets[i]; uint8 weight = _weights[i]; weightOf[asset] = weight; assets.add(asset); emit UpdateAnatomy(asset, weight); unchecked{ ++i; //@audit-info: Place here with unchecked } }
+=
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L71
_totalWeight += newWeight - prevWeight;
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndexReweightingLogic.sol#L74-L78 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L79-L83 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L96
Recommended Mitigation Steps: Using if statement can save gas Change to:
if (newShares > oldShares) { orderer.addOrderDetails(orderId, asset, newShares - oldShares, IOrderer.OrderSide.Buy); } if (oldShares > newShares) { //@audit-info: Replacing else if with if statement here orderer.addOrderDetails(orderId, asset, oldShares - newShares, IOrderer.OrderSide.Sell); }
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L33 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L24 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L27
Recommended Mitigation Steps: use immutable
immutable
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/vToken.sol#L219
Recommended Mitigation Steps: by removing L#23 and directly call SafeERC20.function
SafeERC20.function
Change to:
SafeERC20.safeTransfer(asset, _recipient, Math.min(_amount, balance))
require()instead of&&can save gasProof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ChainlinkPriceOracle.sol#L86
Recommended Mitigation Steps: Change to:
========================================================================
.length()for loop can save gasProof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L39 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L60 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L38 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L50
Recommended Mitigation Steps: Change to:
========================================================================
!=instead of>is more gas efficientProof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L76 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L86 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/IndexLogic.sol#L98
Recommended Mitigation Steps: Change to:
========================================================================
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L30
Recommended Mitigation Steps: Change to:
========================================================================
+=to increase value on varProof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L71
Recommended Mitigation Steps: Change to:
========================================================================
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndexReweightingLogic.sol#L74-L78 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L79-L83 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndexReweightingLogic.sol#L96
Recommended Mitigation Steps: Using if statement can save gas Change to:
========================================================================
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L33 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L24 https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/PhuturePriceOracle.sol#L27
Recommended Mitigation Steps: use
immutable========================================================================
Proof of Concept: https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/vToken.sol#L219
Recommended Mitigation Steps: by removing L#23 and directly call
SafeERC20.functionChange to:
========================================================================