Back to 0xkatana's contests

Mimo DeFi contest - 0xkatana's results

Bridging the chasm between the DeFi world and the world of regulated financial institutions.

General Information

Platform: Code4rena

Start Date: 28/04/2022

Pot Size: $50,000 USDC

Total HM: 7

Participants: 43

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 115

League: ETH

Mimo DeFi

Findings Distribution

Researcher Performance

Rank: 39/43

Findings: 1

Award: $87.05

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryMimo DeFi

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, Funen, GimelSec, MaratCerby, Picodes, Tadashi, Tomio, defsec, delfin454000, joestakey, kebabsec, oyc_109, pauliax, robee, rotcivegaf, samruna, slywaters, sorrynotsorry, ych18, z3s

Awards

87.0482 USDC - $87.05

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

[G-01] Short require strings save gas

Strings in solidity are handled in 32 byte chunks. A require string longer than 32 bytes uses more gas. Shortening these strings will save gas.

Cases https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L35 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L44

Many cases of this gas optimization were found in GovernorAlpha https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L55 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L59 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L61 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L62 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L69 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L110 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L124 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/governance/GovernorAlpha.sol#L142

Shorten all require strings to less than 32 characters

[G-02] Use != 0 instead of > 0

Using > 0 uses slightly more gas than using != 0. Use != 0 when comparing uint variables to zero, which cannot hold values below zero

Locations where this was found include https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L52 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L71 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L254 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/core/PriceFeed.sol#L67 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/core/PriceFeed.sol#L71 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/core/VaultsCore.sol#L238 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/core/VaultsCore.sol#L270 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/InceptionVaultsCore.sol#L122 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/InceptionVaultsCore.sol#L145 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/InceptionVaultsCore.sol#L288 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol#L75 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol#L79

Replace > 0 with != 0 to save gas

[G-03] Use prefix not postfix in loops

Using a prefix increment (++i) instead of a postfix increment (i++) saves gas for each loop cycle and so can have a big gas impact when the loop executes on a large number of elements.

There are many examples of this in for loops https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L44 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L65 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L71 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L47 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L62 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L69 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/DistributorManager.sol#L36

Use prefix not postfix to increment in a loop

[G-04] Replace _setupRole call with _grantRole

The _setupRole function calls _grantRole, so it would save gas to call _grantRole directly

The _setupRole function, which is deprecated, is found in two places https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/access/AccessController.sol#L12-L13

This Open Zeppelin _setupRole code shows it is deprecated and only calls _grantRole https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/AccessControl.sol#L197-L199

Replace the _setupRole function with _grantRole from the same Open Zeppelin library

[G-05] Redundant zero initialization

Solidity does not recognize null as a value, so uint variables are initialized to zero. Setting a uint variable to zero is redundant and can waste gas.

There is at least one place where an int is initialized to zero, which looks like

uint256 i = 0;

Most cases of this are found in for loops https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L44 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L65 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/BaseDistributor.sol#L71 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L47 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L62 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/MinerPayer.sol#L69 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/DistributorManager.sol#L36

There are at least one place outside of a for loop with redundant zero initialization https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/InceptionVaultsCore.sol#L218

Remove the redundant zero initialization uint256 i;

[G-06] Split up require statements instead of &&

Combining require statement conditions with && logic uses unnecessary gas. It is better to split up each part of the logical statement into a separate require statements

One example is

require(success && (data.length == 0 || abi.decode(data, (bool))), "BoringERC20: Transfer failed");

This can be improved to

require(success);
require(data.length == 0 || abi.decode(data, (bool)), "BoringERC20: Transfer failed");

Several places had require statements with many logical "and"s. Instead, split into two to save gas https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L52 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L71 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/PARMinerV2.sol#L426 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/GenericMinerV2.sol#L58 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/GenericMinerV2.sol#L70 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/liquidityMining/v2/GenericMinerV2.sol#L331

Use separate require statements instead of concatenating with &&

[G-07] Add payable to functions that won't receive ETH

Identifying a function as payable saves gas. Functions that have the onlyOwner modifier cannot be called by normal users and will not mistakenly receive ETH. These functions can be payable to save gas.

There are many functions that have the onlyOwner modifier in AdminInceptionVault.sol and can be payable https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L55 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L64 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L79 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L98 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L130 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L137 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L149 https://github.com/code-423n4/2022-04-mimo/blob/main/core/contracts/inception/AdminInceptionVault.sol#L164

Add payable to these functions for gas savings

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter