Canto v2 contest - 0xArshia's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 28/06/2022

Pot Size: $25,000 USDC

Total HM: 14

Participants: 50

Period: 4 days

Judge: GalloDaSballo

Total Solo HM: 7

Id: 141

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 46/50

Findings: 1

Award: $21.80

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

21.8032 USDC - $21.80

Labels

bug
G (Gas Optimization)

use ++i instead of i++ in for loops

impact

i++ holds two numbers in memory (the old one and the old one +1), and ++i returns just the number after +1, which means it holds 1 number in memory (for example):

What happens in i++: int j = i; i = i + 1; return j;

What happens in ++i: i = i + 1; return i;

Mitigation:

just use ++variable instead of variable++

proof of concept:

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorAlpha.sol#L181

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorAlpha.sol#L197

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorAlpha.sol#L211

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorBravoDelegate.sol#L66

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorBravoDelegate.sol#L88

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Stableswap/BaseV1-core.sol#L210

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Stableswap/BaseV1-core.sol#L340

Replace >= with > or <= with <.

impact

In the EVM we don't have an opcode for >=; this means we have > and =. When we use >= we are doing > + =, and it costs more gas than >.

proof pg down

Mitigation:

Do this: > -1 or > +1; don't forget to increment/decrement the value.

Bool variable should be after the address variable

impact

Solidity contracts have 32 bytes (256 bits) slots used in storage. It means we can minimize the number of slots used within a contract’s storage and therefore reduce deployment gas costs.

And address-type variables have a size of 20 bytes and bool-type variables have a size of 1 byte, to save storage.

Mitigation:

write the bool variable after the address

Use two require instead of one with two parameters

impact

Require statements including conditions with the && operator can be broken down in multiple require statements to save gas.

Mitigation:

write two require statements and use each for one parameter

#0 - GalloDaSballo

2022-08-14T20:28:47Z

Less than 100 gas
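The storage-packing item above ("Bool variable should be after the address variable") rests on how Solidity places value types into 32-byte slots in declaration order. The following is an added example, not part of the submission or the Canto code base: a small Python model of that packing rule, run over two constructed declaration orders whose variable names are hypothetical.

```python
# Added example: models Solidity's packing of statically sized value types
# into 32-byte storage slots, in declaration order.
SLOT_BYTES = 32

# Sizes in bytes of a few Solidity value types.
TYPE_SIZES = {"bool": 1, "uint8": 1, "uint128": 16, "address": 20, "uint256": 32}


def layout(variables):
    """Return [(name, type, slot, offset)] for (name, type) pairs in declaration order."""
    placed, slot, offset = [], 0, 0
    for name, typ in variables:
        size = TYPE_SIZES[typ]
        # A value that does not fit in the remainder of the slot starts a new one.
        if offset + size > SLOT_BYTES:
            slot, offset = slot + 1, 0
        placed.append((name, typ, slot, offset))
        offset += size
    return placed


def slots_used(variables):
    """Number of storage slots the declaration order occupies."""
    placed = layout(variables)
    return placed[-1][2] + 1 if placed else 0


# Constructed declarations (hypothetical names, not taken from the Canto contracts).
UNPACKED = [("paused", "bool"), ("totalSupply", "uint256"), ("admin", "address")]
PACKED = [("totalSupply", "uint256"), ("admin", "address"), ("paused", "bool")]

if __name__ == "__main__":
    for label, decl in (("bool first", UNPACKED), ("bool after address", PACKED)):
        print(f"{label}: {slots_used(decl)} slots")
        for name, typ, slot, offset in layout(decl):
            print(f"  slot {slot} offset {offset:2d}  {typ:8s} {name}")
```

With the bool declared directly after the address, both share one slot and the constructed contract drops from three slots to two.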
