Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $35,000 USDC
Total HM: 13
Participants: 78
Period: 3 days
Judge: 0xean
Total Solo HM: 6
Id: 135
League: ETH
Rank: 76/78
Findings: 1
Award: $25.71
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: joestakey
Also found by: 0x040, 0x1f8b, 0xDjango, 0xNazgul, 0xsam, Avci, Aymen0909, Bnke0x0, CRYP70, ElKu, Fitraldys, Funen, JC, Kaiziron, MadWookie, Meera, ReyAdmirado, Sm4rty, Soosh, TomJ, Waze, _Adam, __141345__, ajtra, benbaessler, c3phas, csanuragjain, durianSausage, exd0tpy, fatherOfBlocks, hake, ignacio, karanctf, kyteg, m_Rassska, oyc_109, rbserver, robee, rokinot, samruna, sashik_eth, simon135, slywaters
25.7053 USDC - $25.71
[G-1] FUNCTIONS GUARANTEED TO REVERT WHEN CALLED BY NORMAL USERS CAN BE MARKED PAYABLE
If a function is set to only be called by the owner or a specific user, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for the owner because the compiler will not include checks for whether a payment was provided. The extra opcodes avoided are:
CALLVALUE(gas=2), DUP1(gas=3), ISZERO(gas=3), PUSH2(gas=3), JUMPI(gas=10), PUSH1(gas=3), DUP1(gas=3), REVERT(gas=0), JUMPDEST(gas=1), POP(gas=2).
This costs an average of about 21 gas per call to the function, in addition to the extra deployment cost. There are many instances of this:
File: Creator/Creator.sol
line 47: function setAdmin(address a) external authorized(admin) returns (bool)
line 54: function setMarketPlace(address m) external authorized(admin) returns (bool)
File: Creator/ZcToken.sol
line 140: function burn(address f, uint256 a) external onlyAdmin(address(redeemer)) returns (bool)
line 147: function mint(address t, uint256 a) external onlyAdmin(address(redeemer)) returns (bool)
File: Creator/VaultTracker.sol
line 49: function addNotional(address o, uint256 a) external authorized(admin) returns (bool)
line 82: function removeNotional(address o, uint256 a) external authorized(admin) returns (bool)
line 113: function redeemInterest(address o) external authorized(admin) returns (uint256)
line 143: function matureVault(uint256 c) external authorized(admin) returns (bool)
line 152: function transferNotionalFrom(address f, address t, uint256 a) external authorized(admin) returns (bool)
line 208: function transferNotionalFee(address f, uint256 a) external authorized(admin) returns(bool)
File: MarketPlace/MarketPlace.sol
line 45: function setSwivel(address s) external authorized(admin) returns (bool)
line 53: function setAdmin(address a) external authorized(admin) returns (bool)
line 115: function mintZcTokenAddingNotional(uint8 p, address u, uint256 m, address t, uint256 a) external authorized(swivel) unpaused(p) returns (bool)
#0 - robrobbins
2022-08-22T22:52:39Z
this quirk of the runtime is a misdirection imo. methods with no intent of taking value shouldn't be marked as payable (tho it costs 30 gas yes)
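
The trade-off between G-1 and the reply above, as an added Solidity example that is not part of the submission or the audited code base. `AdminGate`, `setAdminPayable` and `sweep` are hypothetical names, and the body of the `authorized` modifier is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration. Only the names setAdmin and authorized appear on the
// page; everything else here is hypothetical.
contract AdminGate {
    address public admin;

    constructor() {
        admin = msg.sender;
    }

    // Assumed modifier body: restricts the call to the given address.
    modifier authorized(address a) {
        require(msg.sender == a, "sender must be authorized");
        _;
    }

    // Non-payable: the compiler emits a msg.value check at the function's
    // entry (the CALLVALUE ... REVERT sequence listed in G-1), so a call
    // carrying ETH reverts before the modifier runs.
    function setAdmin(address a) external authorized(admin) returns (bool) {
        admin = a;
        return true;
    }

    // Payable variant: the msg.value check is omitted, which is the gas
    // saving G-1 describes. The cost is that ETH attached by the admin is
    // now accepted and credited to this contract's balance.
    function setAdminPayable(address a) external payable authorized(admin) returns (bool) {
        admin = a;
        return true;
    }

    // Without a recovery path, ETH accepted by setAdminPayable would stay
    // in the contract. A restricted sweep keeps it retrievable.
    function sweep(address payable to) external authorized(admin) returns (bool) {
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "sweep failed");
        return true;
    }
}
```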