FIAT DAO veFDT contest - CRYP70's results

Unlock liquidity for your DeFi fixed income assets.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $35,000 USDC

Total HM: 10

Participants: 126

Period: 3 days

Judge: Justin Goro

Total Solo HM: 3

Id: 154

League: ETH

FIAT DAO


Researcher Performance

Rank: 118/126

Findings: 1

Award: $14.95

🌟 Selected for report: 0

🚀 Solo Findings: 0

Use external instead of public for functions only called outside the contract

I was able to identify that balanceOf() (https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L754), balanceOfAt() (https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L770), totalSupply() (https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L864) and totalSupplyAt() (https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L871) are all public functions. I recommend changing these to be externally facing contracts as they are not used within the contract itself. This might help in saving gas, as calling a public function costs 496 gas while an external function only uses 261 gas. The reason for this is that public functions need to write all of their arguments to memory so they may be called internally, which is actually an entirely different process than external calls. For external functions, the compiler does not allow internal calls, so it allows arguments to be read from calldata, thus skipping an entire copy step.

Recommendation: Simply changing the functions outlined from public facing to external.

Use ++i instead of i++

++i generally costs less gas than i++ or i = i + 1 (about 5 units per increment) because i++ must increment a value and then "return" the old value, which means the program may need to hold two numbers in memory. When ++i is used, it will only ever use one number in memory.

See the example below for a simplified illustration:

pragma solidity ^0.8.13;

contract MyFavouriteCounter {
    uint public count;

    function incrementPrefixCount() public returns (uint) {
        count = 1;
        return (++count); // returns 2
    }

    function incrementPostfixCount() public returns (uint) {
        count = 1;
        return (count++); // returns 1
    }
}

I was able to identify this in the following locations:
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L834
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L309
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L717
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L834

Recommendation: Simply using ++i can save some gas.
