Comments (11)
https://github.com/LooksRare/contracts-infiltration/pull/150
from 2023-10-looksrare-judging.
Escalate
This issue is invalid. The agent ID is either 0 or already set to a value. If the agent ID is 0, the OR here does the correct thing by setting the ID of the uninitialized agent. If the agent ID is already set, then the OR here does not have any impact.
Only use case
1- Say the agent ID in storage is 0 and we need to set it to 200
0 OR 200 = 200
Unnecessary assembly operation
2- Say the agent ID in storage is 60 and we need to set it to 60
60 OR 60 = 60
This is unnecessary because lastAgentId is always equal to the last 16 bits of the agent ID. Doing an OR operation is unnecessary for an agent that already has an initialized ID. As stated above, it is only useful when the agentId is 0.
Regarding this part:
lastAgentCurrentValue := and(lastAgentCurrentValue, not(AGENT__STATUS_OFFSET))
This part is completely unnecessary because we are 100% sure that the lastAgent's status is indeed ACTIVE, which is 00000000.
You can comment out this line in the code and run the tests; nothing will change.
from 2023-10-looksrare-judging.
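The two cases walked through in the escalation above, next to the case it says does not arise (a stored ID that differs from the one being written), as an added example that is not part of the thread or the contract. The packed layout here (ID in the low 16 bits, an 8-bit status field directly above it, ACTIVE encoded as 0) and all function names are assumptions for illustration; it generalizes the two cases to the exact condition under which an OR write equals a clear-then-set write.

```python
# Assumed layout, not taken from the contract: agent ID in the low 16 bits,
# an 8-bit status field directly above it, ACTIVE encoded as 0.
ID_BITS = 16
ID_MASK = (1 << ID_BITS) - 1
STATUS_SHIFT = ID_BITS
STATUS_MASK = 0xFF << STATUS_SHIFT
ACTIVE = 0


def pack(agent_id, status):
    """Build a packed word from an ID and a status value."""
    return (status << STATUS_SHIFT) | (agent_id & ID_MASK)


def or_write(word, new_id):
    """Write the ID by OR-ing it into the stored word."""
    return word | (new_id & ID_MASK)


def masked_write(word, new_id):
    """Clear the ID field first, then set it."""
    return (word & ~ID_MASK) | (new_id & ID_MASK)


def or_write_is_exact(stored_id, new_id):
    """True when the OR write leaves exactly new_id in the ID field."""
    word = pack(stored_id, ACTIVE)
    return or_write(word, new_id) == masked_write(word, new_id)


def clear_status(word):
    """Clear the status field; a no-op when the status is already ACTIVE (0)."""
    return word & ~STATUS_MASK


def exact_iff_subset(limit=512):
    """Check over all ID pairs below limit: the OR write is exact if and only if
    every bit set in the stored ID is also set in the new ID."""
    return all(
        or_write_is_exact(s, n) == ((s & ~n) == 0)
        for s in range(limit)
        for n in range(limit)
    )
```
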
Agreed, suggestion to make this issue invalid since gas findings are not accepted based on Sherlock rules.
from 2023-10-looksrare-judging.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
from 2023-10-looksrare-judging.
https://github.com/LooksRare/contracts-infiltration/pull/175
from 2023-10-looksrare-judging.
Agree with escalation, seems like issue is invalid. Any thoughts @0xhiroshi given u implemented a fix?
from 2023-10-looksrare-judging.
It is still an issue, but the severity should be lowered as it only wastes gas instead of breaking the game
from 2023-10-looksrare-judging.
Will accept escalation and make invalid as submitter agreed to low/invalid in DMs.
from 2023-10-looksrare-judging.
Result:
Low
Unique
Submitter agreed to low/invalid in DMs.
from 2023-10-looksrare-judging.
Escalations have been resolved successfully!
Escalation status:
- mstpr: accepted
from 2023-10-looksrare-judging.
Fix LGTM
from 2023-10-looksrare-judging.