QuickSwap and StellaSwap contest - 0x5rings's results

A concentrated liquidity DEX with dynamic fees.

General Information

Platform: Code4rena

Start Date: 26/09/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 113

Period: 5 days

Judge: 0xean

Total Solo HM: 6

Id: 166

League: ETH

QuickSwap and StellaSwap

Findings Distribution

Researcher Performance

Rank: 109/113

Findings: 1

Award: $24.02

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository QuickSwap and StellaSwap

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x5rings, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, 0xmatt, Aeros, Amithuddar, Awesome, Aymen0909, B2, Bnke0x0, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, HardlyCodeMan, JC, Mukund, Noah3o6, Olivierdem, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Ruhum, Saintcode_, Shinchan, SnowMan, TomJ, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, c3phas, ch0bu, cryptonue, defsec, delfin454000, dharma09, durianSausage, emrekocak, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, imare, kaden, karanctf, ladboy233, lukris02, m_Rassska, martin, medikko, mics, natzuu, oyc_109, peiw, rbserver, ret2basic, rotcivegaf, saian, shark, slowmoses, tnevler, trustindistrust, zeesaw, zishansami

Awards

24.0179 USDC - $24.02

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

Use a more recent version of Solidity > 0.8.0

Files Found: All files refer to pragma solidity =0.7.6;

Explanation: The following repo bares resemblance to UniswapV3 Core. Which also uses =0.7.6.

Mitigation:

Use a solidity version of at least 0.8.0 to get overflow protection without SafeMath
Use a solidity version of at least 0.8.2 to get simple compiler automatic inlining
Use a solidity version of at least 0.8.3 to get better struct packing and cheaper multiple storage reads
Use a solidity version of at least 0.8.4 to get custom errors, which are cheaper at deployment than revert()/require() strings Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value

`Abi.Encode()` is less efficient than `abi.Encodepacked()`

Files Found:

There are 2 instances of this issue.

File: src/core/contracts/AlgebraFactory.sol - line 123
File: src/core/contracts/AlgebraPoolDeployer.sol - line 51

Mitigation:

Use Abi.encode packed where necessary

`x += y` costs more gas than `x = x + y` for state variables

Files Found:

There are 7 instances of this issue.

File: src/core/contracts/AlgebraPool.sol - line 257
File: src/core/contracts/AlgebraPool.sol - line 258
File: src/core/contracts/AlgebraPool.sol - line 804
File: src/core/contracts/AlgebraPool.sol - line 811
File: src/core/contracts/AlgebraPool.sol - line 814
File: src/core/contracts/AlgebraPool.sol - line 931
File: src/core/contracts/AlgebraPool.sol - line 945

QuickSwap and StellaSwap contest - 0x5rings's results

A concentrated liquidity DEX with dynamic fees.

General Information

Findings Distribution

Researcher Performance

External Links

[G-09] Gas Report - $24.02

Findings Information

Awards

Labels

External Links

Use a more recent version of Solidity > 0.8.0

Mitigation:

Abi.Encode() is less efficient than abi.Encodepacked()

Files Found:

Mitigation:

Use Abi.encode packed where necessary

x += y costs more gas than x = x + y for state variables

Files Found:

Mitigation:

Use x = x + y instead of x += y

`Abi.Encode()` is less efficient than `abi.Encodepacked()`

`x += y` costs more gas than `x = x + y` for state variables

Use `x = x + y` instead of `x += y`