Backd Tokenomics contest - 0xkatana's results

Maximize the power of your assets and start earning yield

General Information

Platform: Code4rena

Start Date: 27/05/2022

Pot Size: $75,000 USDC

Total HM: 20

Participants: 58

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 15

Id: 131

League: ETH

Backd

Findings Distribution

Researcher Performance

Rank: 54/58

Findings: 1

Award: $62.68

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Backd

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135

Awards

62.6774 USDC - $62.68

Labels

bug

G (Gas Optimization)

resolved

sponsor confirmed

External Links

Link to GitHub issue

[G-01] Cache array length before loop

Caching the array length outside a loop saves reading it on each iteration, as long as the array's length is not changed during the loop. This saves gas.

Recommended Mitigation Steps

Cache the array length before the for loop

[G-02] Use != 0 instead of > 0

Using > 0 uses slightly more gas than using != 0. Use != 0 when comparing uint variables to zero, which cannot hold values below zero

Recommended Mitigation Steps

Replace > 0 with != 0 to save gas

[G-03] For loop incrementing can be unsafe

For loops that use i++ do not need to use safemath for this operation because the loop would run out of gas long before this point. Making this addition operation unsafe using unchecked saves gas. This is already used in many places with i = i.uncheckedInc().

Sample code to make the for loop increment unsafe

for (uint i = 0; i < length; i = unchecked_inc(i)) {
    // do something that doesn't change the value of i
}

function unchecked_inc(uint i) returns (uint) {
    unchecked {
        return i + 1;
    }
}

Idea borrowed from https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc#the-increment-in-for-loop-post-condition-can-be-made-unchecked

There is one loop and that can use this change https://github.com/code-423n4/2022-05-backd/tree/main/protocol/contracts/zaps/PoolMigrationZap.sol#L22

Recommended Mitigation Steps

Make the increment in for loops unsafe to save gas

[G-04] Use iszero assembly for zero checks

Comparing a value to zero can be done using the iszero EVM opcode. This can save gas

Source from t11s https://twitter.com/transmissions11/status/1474465495243898885

Recommended Mitigation Steps

Use the assembly iszero evm opcode to compare values to zero

[G-05] Save gas with unchecked

Use unchecked math when there is no overflow risk to save gas. Before index is decreased in remove it is checked for zero condition. This means index will not underflow and can be unchecked.

These subtractions do not need to be checked for underflows because there is a require earlier that confirms the underflow will not happen. Use the uncheckedSub function https://github.com/code-423n4/2022-05-backd/tree/main/protocol/contracts/StakerVault.sol#L124 https://github.com/code-423n4/2022-05-backd/tree/main/protocol/contracts/StakerVault.sol#L338

Recommended Mitigation Steps

Add unchecked around math that can't overflow for gas savings. In Solidity before 0.8.0, use the normal math operators instead of safe math functions.

[G-06] Add payable to functions that won't receive ETH

Identifying a function as payable saves gas. Functions that have a modifier like onlyGovernance or onlyAuthorizedToPause cannot be called by normal users and will not mistakenly receive ETH. These functions can be payable to save gas.

Recommended Mitigation Steps

Add payable to these functions for gas savings

[G-07] Use internal function in place of modifier

An internal function can save gas vs. a modifier. A modifier inlines the code of the original function but an internal function does not.

Source https://blog.polymath.network/solidity-tips-and-tricks-to-save-gas-and-reduce-bytecode-size-c44580b218e6#dde7

Recommended Mitigation Steps

Use internal functions in place of modifiers to save gas.

[G-08] Use newer solidity version

Solidity version 0.8.10 is used. The latest release of solidity includes changes that can provide gas savings. The improvements include:

Solidity version 0.8.13 can save more gas with Yul IR pipeline

Source https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc#upgrade-to-at-least-084

Recommended Mitigation Steps

Use solidity release 0.8.13 with Yul IR pipeline and other improvements for gas savings

[G-09] Non-public variables save gas

Many immutable variables are public, but changing the visibility of any of these variables to private or internal can save gas.

Recommended Mitigation Steps

Declare some public variables as private or internal to save gas

[G-10] Use calldata instead of memory for function arguments

Using calldata instead of memory for function arguments saves gas sometimes. This can happen when a function is called externally and the memory array values are kept in calldata and copied to memory during ABI decoding (using the opcode calldataload and mstore). If the array is used in a for loop, arr[i] accesses the value in memory using a mload. If calldata is used instead, then instead of going via memory, the value is directly read from calldata using calldataload. That is, there are no intermediate memory operations that carries this value.

One case of function arguments using memory instead of calldata can use this improvement to save gas https://github.com/code-423n4/2022-05-backd/tree/main/protocol/contracts/tokenomics/FeeBurner.sol#L43

Source https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc#use-calldata-instead-of-memory-for-function-parameters

Recommended Mitigation Steps

Change function arguments from memory to calldata

[G-11] Write contracts in vyper

The contracts are all written entirely in solidity. Writing contracts with vyper instead of solidity can save gas.

Source https://twitter.com/eiber_david/status/1515737811881807876

Recommended Mitigation Steps

Write some or all of the contracts in vyper to save gas

#0 - chase-manning
2022-06-07T21:44:33Z

Lol "Write contracts in vyper" 🤣

#1 - GalloDaSballo
2022-06-16T21:14:37Z

[G-01] Cache array length before loop

Would save 3 gas per instance 3 * 8 = 24

[G-02] Use != 0 instead of > 0

Works only for requires, saves 3 gas Only 9 instances were requires

3 * 9 = 27

[G-03] For loop incrementing can be unsafe

Saves 25 gas

[G-04] Use iszero assembly for zero checks

Saves 2 gas per the discussion in #27 2 * 22 = 44

[G-05] Save gas with unchecked

Would save 20 gas per instance

[G-06] Add payable to functions that won't receive ETH

It would save gas but personally would not count it as it does change the contract behaviour even if by a small margin (also changes UX on Metamask)

[G-07] Use internal function in place of modifier

Indeed does save gas on deployment

[G-08] Use newer solidity version

Valid but hard to quantify

[G-09] Non-public variables save gas

Would save gas by removing functionality

[G-10] Use calldata instead of memory for function arguments

Finding is valid but in lack of math I'm not going to add it

[G-11] Write contracts in vyper

Same as above, I guess we'll burn hundreds of thousands of dollars of work and rewrite in vyper

I think this report could have been great had the warden done more comparison of the real code with improvements

Total Gas Saved: 160

Backd Tokenomics contest - 0xkatana's results

Maximize the power of your assets and start earning yield

General Information

Findings Distribution

Researcher Performance

External Links

[G-31] Gas Report - $62.68

Findings Information

Awards

Labels

External Links

[G-01] Cache array length before loop

Recommended Mitigation Steps

[G-02] Use != 0 instead of > 0

Recommended Mitigation Steps

[G-03] For loop incrementing can be unsafe

Recommended Mitigation Steps

[G-04] Use iszero assembly for zero checks

Recommended Mitigation Steps

[G-05] Save gas with unchecked

Recommended Mitigation Steps

[G-06] Add payable to functions that won't receive ETH

Recommended Mitigation Steps

[G-07] Use internal function in place of modifier

Recommended Mitigation Steps

[G-08] Use newer solidity version

Recommended Mitigation Steps

[G-09] Non-public variables save gas

Recommended Mitigation Steps

[G-10] Use calldata instead of memory for function arguments

Recommended Mitigation Steps

[G-11] Write contracts in vyper

Recommended Mitigation Steps

#0 - chase-manning2022-06-07T21:44:33Z

#1 - GalloDaSballo2022-06-16T21:14:37Z

[G-01] Cache array length before loop

[G-02] Use != 0 instead of > 0

[G-03] For loop incrementing can be unsafe

[G-04] Use iszero assembly for zero checks

[G-05] Save gas with unchecked

[G-06] Add payable to functions that won't receive ETH

[G-07] Use internal function in place of modifier

[G-08] Use newer solidity version

[G-09] Non-public variables save gas

[G-10] Use calldata instead of memory for function arguments

[G-11] Write contracts in vyper

#0 - chase-manning
2022-06-07T21:44:33Z

#1 - GalloDaSballo
2022-06-16T21:14:37Z