Blur Exchange contest - 0xRoxas's results

An NFT exchange.

General Information

Platform: Code4rena

Start Date: 11/11/2022

Pot Size: $36,500 USDC

Total HM: 5

Participants: 62

Period: 3 days

Judge: berndartmueller

Id: 181

League: ETH

Blur Exchange

Findings Distribution

Researcher Performance

Rank: 55/62

Findings: 1

Award: $22.22

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

22.2155 USDC - $22.22

Labels

bug
G (Gas Optimization)
grade-b
G-23

External Links

Gas Report

Optimizations found [4]

[G-01] ++i is cheaper than (i++)/(i+=1)

Findings:

/contracts/Exchange.sol Line(s): 316

316:	nonces[msg.sender] += 1;

suggested change

316:	++nonces[msg.sender];

[G-02] Use nested if instead of &&

Findings:

/contracts/Exchange.sol Line(s): 412, 572

412:	if (order.order.extraParams.length > 0 && order.order.extraParams[0] == 0x01) {
572:	if (msg.sender == buyer && paymentToken == address(0)) {

suggested change

412:	if (order.order.extraParams.length > 0) {
		if (order.order.extraParams[0] == 0x01) {

		}
	}
572:	if (msg.sender == buyer) {
		if (paymentToken == address(0)) {

		}
	}

[G-03] Unless Used for Variable Packing uint8 May Be More Expensive Than Using uint256

Findings:

/contracts/Exchange.sol Line(s): 184, 307, 598

184:	for (uint8 i = 0; i < executionsLength; i++) {
307:	for (uint8 i = 0; i < orders.length; i++) {
598:	for (uint8 i = 0; i < fees.length; i++) {

suggested change

184:	for (uint256 i; i < executionsLength; ++i) {
307:	for (uint256 i; i < orders.length; ++i) {
598:	for (uint256 i; i < fees.length; ++i) {

Further Savings IF the above is implemented: If i is changed to a uint256 the increment can be unchecked to save more gas.

example: from

for (uint256 i; i < amountOfTokens; ++i) {
	//Code
}

to

for (uint256 i; i < amountOfTokens;) {
	//Code
	unchecked {
		++i;
	}
}

[G-04] Use unchecked For Arithmetic That Cannot Overflow

Arithmetic is performed that cannot overflow / underflow based on a previous require. Adding an unchecked brace around these occurrences will save gas (Solidity will not force an underflow / overflow).

NOTE: Findings show the check before each line that allows the second line to be unchecked. Only the line following the check should be unchecked (NOT the check itself).

unchecked {
	//Code
}

Findings:

/contracts/Pool.sol Line(s): 45-46, 71/73

45:	require(_balances[msg.sender] >= amount);
46:	_balances[msg.sender] -= amount;
71:	require(_balances[from] >= amount);
73:	_balances[from] -= amount;

/contracts/Exchange.sol Line(s): 573-574, 604/607

604:	require(totalFee <= price, "Total amount of fees are more than the price");
607:	uint256 receiveAmount = price - totalFee;
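
The G-04 pattern as an added sketch, not code from this report or from Blur's contracts; PoolSketch and its function names are hypothetical. Each function caches the operand so the value tested by require is the same value subtracted inside unchecked, and the additions that no require bounds stay checked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; PoolSketch and every function name here are hypothetical.
contract PoolSketch {
    mapping(address => uint256) private _balances;

    function deposit() external payable {
        // Left checked: no preceding require bounds this addition.
        _balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        uint256 balance = _balances[msg.sender];
        require(balance >= amount, "insufficient balance");
        unchecked {
            // The require above proves balance - amount cannot underflow.
            // `balance` is a local copy, so nothing can change it between
            // the check and the subtraction.
            _balances[msg.sender] = balance - amount;
        }
        // State is updated before the external call.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function _transfer(address from, address to, uint256 amount) internal {
        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "insufficient balance");
        unchecked {
            _balances[from] = fromBalance - amount;
        }
        // Left checked: the require says nothing about the recipient's balance.
        _balances[to] += amount;
    }

    function _receiveAmount(uint256 price, uint256 totalFee)
        internal
        pure
        returns (uint256 receiveAmount)
    {
        require(totalFee <= price, "Total amount of fees are more than the price");
        unchecked {
            // Guarded by the require directly above on the same two operands.
            receiveAmount = price - totalFee;
        }
    }
}
```

When reviewing such a change, confirm that no statement between the require and the unchecked block can modify either operand; if one can, the arithmetic should stay checked.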

#0 - c4-judge

2022-11-17T12:58:28Z

berndartmueller marked the issue as grade-b
