Rigor Protocol contest - 0xSmartContract's results

1- ’0’ address Check

Context:

HomeFi.sol#L98

Description: Also check the length of the address to protect the code from short address problem just in case.This is best practice

Proof of Concept: https://twitter.com/samczsun/status/1554252024723546112?s=20&t=mjJTwhMQz6LS_azlM3TTWQ

Recommendation: like this ; require(_forwarder != address(0x0));

2- Not correct Title

Context:

ProjectFactory.sol#L73-L75

Description: createProject function is external, but title was written to ’EXTERNAL VIEWS’ in line74

Recommendation: Change to this title

1-Setting The Constructor To Payable

Context:

Project.sol#L88 ,

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21💰 gas on deployment with no security risks.

Proof of Concept: https://forum.openzeppelin.com/t/a-collection-of-gas-optimisation-tricks/19966/5?u=pcaversaccio

Recommendation: Set the constructor to payable.

2-There is no need to assign default values to variables

Context: libraries/Tasks.sol#L181 Project.sol#L322 Project.sol#L311 Project.sol#L248 HomeFiProxy.sol#L136 HomeFiProxy.sol#L87 Community.sol#L624

Description: When a variable is declared solidity assigns the default value. In case the contract assigns the value again, it costs extra gas. Example: uint x = 0 costs more gas than uint x without having any different functionality.

Recommendation: uint x = 0 costs more gas than uint x without having any different functionality.

3-Functions Visibility Can Be Declared External

Context:  DebtToken.sol#L82

Description: Several functions across multiple contracts have a public visibility and can be marked with external visibility to save gas. This function is never called from within the contract

Recommendation: Change the functions visibility to external to save gas.

4-Catching The Array Length Prior To Loop

Project.sol#L601-L603

Context:  One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Recommendation: Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.

Project.sol#L601-L603

if (_changeOrderedTask.length > 0) {
     for (; i < _changeOrderedTask.length; i++) {

Recommendition:

uint256 cha = _changeOrderedTask.length;
if (cha > 0) {
     for (; i <  cha; i++) {

5-Use ++index instead of index++ to increment a loop counter

Context:  Tasks.sol#L181 Project.sol#L603 Project.sol#L322 Project.sol#L311 Project.sol#L248 HomeFiProxy.sol#L136 HomeFiProxy.sol#L87 Community.sol#L624

Description: Due to reduced stack operations, using ++index saves 5💰 gas per iteration.

Recommendation: Use ++index to increment a loop counter.

6-uint256 Is Cheaper Than uint8

Context:  DebtToken.sol#L16

Description: The EVM reads in 32 byte words if your data is smaller, further operations are needed to downscale from 256 bits to 8 bit. Since these uint8s are not packed with others to be read from the same slot it's cheaper to just use uint256 from them.

Recommendation: use uint256 instead of uint8.

7-Function Ordering via Method ID

Context:  All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions.

Recommendation: Find a lower method ID name for the most called functions for example Call() vs. Call1() is cheaper by 22 gas.

Proof of Consept: https://coinsbench.com/advanced-gas-optimizations-tips-for-solidity-85c47f413dc5

8-use != 0 instead of > 0

Context:  Project.sol#L380 Project.sol#L195 Disputes.sol#L107 Community.sol#L764

Description: When dealing with unsigned integer types, comparisons with != 0 are cheaper then with > 0 

Proof of Consept: https://aws1.discourse-cdn.com/business6/uploads/zeppelin/original/2X/3/363a367d6d68851f27d2679d10706cd16d788b96.png

9-Using double require instead of operator && can save more gas

Context: Disputes.sol#L107 Disputes.sol#L62

Description:Using double require instead of operator && can save more gas 

10- <x> += <y> costs more gas than <x> = <x> + <y> for state variables

Context: Project.sol#L711 Project.sol#L290 Project.sol#L179 HomeFi.sol#L289 Project.sol#L250

Description: <x> += <y> costs more gas than <x> = <x> + <y> for state variables

Proof of Concept:

contract Test1 {
   uint256 a;
    uint256 c;
   // Gas : 25729 💰
    function foo() public {
        c += a;
    }
}

Recommendation:

contract Test1 {
    uint256 a;
    uint256 c;
   // Gas :25716 ✅
   function foo() public {
       c = c + a;
   }
}

11- Use a more recent version of Solidity

Context: All contracts use 0.8.6 version

Description: Use a solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value

Starting from Solidity 0.8.8, the override keyword is not required when overriding an interface function, except for the case where the function is defined in multiple bases.(https://docs.soliditylang.org/en/v0.8.12/contracts.html#function-overriding)

Recommendation: Use can Solidity 0.8.10 version

12- Functions Guaranteed to Revert When Callled By Normal Users Can Be Marked Payable

Context: HomeFiProxy.sol#L150-L152 HomeFiProxy.sol#L125-L128 HomeFiProxy.sol#L100-L103

Description: If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided. The extra opcodes avoided are CALLVALUE(2),DUP1(3),ISZERO(3),PUSH2(3),JUMPI(10),PUSH1(3),DUP1(3),REVERT(0),JUMPDEST(1),POP(2), which costs an average of about 21 💰 gas per call to the function, in addition to the extra deployment cost

Recommendation: Functions guaranteed to revert when called by normal users can be marked payable (for only onlyowner functions)

13- Use Custom Errors Rather Than Revert() / Require() Strings to Save Deployment Gas

Context:

ProjectFactory.sol#L84 ProjectFactory.sol#L64 HomeFiProxy.sol#L133 HomeFiProxy.sol#L105 HomeFiProxy.sol#L81 HomeFiProxy.sol#L41

Description: Custom errors are available from solidity version 0.8.4 Custom errors save ~50 gas each time they’re hitby avoiding having to allocate and store the revert string. Not defining the strings also save deployment gas

Proof of Concept: https://blog.soliditylang.org/2021/04/21/custom-errors/