Aave Lens contest - 0x0x0x's results

Web3 permissionless, composable & decentralized social graph

General Information

Platform: Code4rena

Start Date: 10/02/2022

Pot Size: $100,000 USDC

Total HM: 13

Participants: 21

Period: 7 days

Judge: leastwood

Total Solo HM: 10

Id: 85

League: ETH

Aave Lens

Researcher Performance

Rank: 12/21

Findings: 2

Award: $736.03

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: WatchPug

Also found by: 0x0x0x, 0x1f8b, 0xwags, Dravee, cccz, csanuragjain, defsec, gzeon, hubble, hyh, kenta, pauliax, sikorico

Labels

bug
QA (Quality Assurance)

Awards

316.0245 USDC - $316.02

Use a two-step governance transfer

Use a two-step process to transfer governance. This way, you can make sure that the new governor can create a transaction. It can avoid the costly mistake of transferring to a wrong address.

#0 - Zer0dot

2022-03-24T20:54:37Z

This is within the acceptable system risk parameters, governance is expected to be a multisig or DAO with a timelock, etc.
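
The two-step transfer recommended in this finding, as an added example that is not part of the finding or of the Lens Protocol code. The contract, function, error and event names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration. All names here are hypothetical and are not taken
// from the Lens Protocol code base.
contract TwoStepGovernance {
    address public governance;
    address public pendingGovernance;

    error NotGovernance();
    error NotPendingGovernance();

    event GovernanceTransferStarted(address indexed current, address indexed pending);
    event GovernanceTransferred(address indexed previous, address indexed current);

    constructor(address initialGovernance) {
        governance = initialGovernance;
        emit GovernanceTransferred(address(0), initialGovernance);
    }

    modifier onlyGov() {
        if (msg.sender != governance) revert NotGovernance();
        _;
    }

    // Step 1: the current governor nominates a successor. Control does not
    // move yet, so a mistyped address can be overwritten by calling again,
    // or cleared by nominating address(0).
    function proposeGovernance(address newGovernance) external onlyGov {
        pendingGovernance = newGovernance;
        emit GovernanceTransferStarted(governance, newGovernance);
    }

    // Step 2: only the nominee can complete the transfer, which proves the
    // new address is able to send transactions to this contract.
    function acceptGovernance() external {
        if (msg.sender != pendingGovernance) revert NotPendingGovernance();
        address previous = governance;
        governance = msg.sender;
        delete pendingGovernance;
        emit GovernanceTransferred(previous, msg.sender);
    }
}
```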

Findings Information

🌟 Selected for report: Dravee

Also found by: 0x0x0x, 0x1f8b, IllIllI, Jujic, csanuragjain, d4rk, defsec, gzeon, nahnah, pauliax, rfa

Labels

bug
G (Gas Optimization)

Awards

420.0114 USDC - $420.01

Implement loops more efficiently

Caching the length saves gas. Moreover, not assigning the default value 0 to i saves gas.

Reference implementation

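    // Read the array length once instead of on every iteration
    uint256 len = array.length;
    // i is left at its default value of 0 rather than assigned explicitly
    for (uint256 i; i < len; ++i) {
        // Operations
    }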

Scope:

    ./core/LensHub.sol:541: for (uint256 i = 0; i < vars.datas.length; ++i) {
    ./core/modules/follow/ApprovalFollowModule.sol:41: for (uint256 i = 0; i < addresses.length; ++i) {
    ./core/modules/follow/ApprovalFollowModule.sol:66: for (uint256 i = 0; i < addresses.length; ++i) {
    ./core/modules/follow/ApprovalFollowModule.sol:128: for (uint256 i = 0; i < toCheck.length; ++i) {
    ./libraries/InteractionLogic.sol:47: for (uint256 i = 0; i < profileIds.length; ++i) {
    ./libraries/PublishingLogic.sol:403: for (uint256 i = 0; i < byteHandle.length; ++i) {

For uint use != 0 rather than > 0

It costs less gas to do so.

Scope:

    ./core/base/ERC721Time.sol:135: bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : '';
    ./core/modules/follow/ApprovalFollowModule.sol:64: if (data.length > 0) {

Do not assign default values to save gas

Scope:

uint256 x; costs less gas than uint256 x = 0;.

    ./core/FollowNFT.sol:120: uint256 lower = 0;
    ./core/FollowNFT.sol:162: uint256 lower = 0;
    ./upgradeability/VersionedInitializable.sol:29: uint256 private lastInitializedRevision = 0;

Use bit-shift to save gas rather than dividing by 2

Scope:

    ./core/FollowNFT.sol:134: uint256 center = upper - (upper - lower) / 2;
    ./core/FollowNFT.sol:176: uint256 center = upper - (upper - lower) / 2;
    ./core/LensHub.sol:27: * 2. Almost every event in the protocol emits the current block timestamp, reducing the need to fetch it manually.
    ./core/base/ERC721Time.sol:20: * 2. Constructor replaced with an initializer.
    ./core/modules/ModuleGlobals.sol:109: if (newTreasuryFee >= BPS_MAX / 2) revert Errors.InitParamsInvalid();

Use increment, when possible

In the code base, += 1 is used, but using preincrement ++ is cheaper. (The same applies to subtraction.)

Scope:

    ./core/base/ERC721Time.sol:348: _balances[to] += 1;
    ./core/base/ERC721Time.sol:404: _balances[to] += 1;
    ./core/base/ERC721Time.sol:373: _balances[owner] -= 1;
    ./core/base/ERC721Time.sol:373: _balances[owner] -= 1;
    ./core/base/ERC721Time.sol:403: _balances[from] -= 1;

#0 - Zer0dot

2022-03-24T20:54:02Z

Caching is included in https://github.com/aave/lens-protocol/pull/80, the rest, although valid except for the zero initialization (which is handled by the optimizer now afaik), we won't be taking any action on.
