Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $75,000 USDC
Total HM: 16
Participants: 100
Period: 7 days
Judge: LSDan
Total Solo HM: 7
Id: 145
League: ETH
Rank: 28/100
Findings: 2
Award: $222.29
π Selected for report: 0
π Solo Findings: 0
π Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 8olidity, Aussie_Battlers, Bnke0x0, Ch_301, Critical, Deivitto, Dravee, ElKu, Funen, GimelSec, JC, JohnSmith, Lambda, MiloTruck, PwnedNoMore, ReyAdmirado, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, TomJ, Waze, _Adam, __141345__, alan724, asutorufos, benbaessler, berndartmueller, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, cryptphi, csanuragjain, delfin454000, dxdv, exd0tpy, fatherOfBlocks, gogo, hake, hyh, joestakey, kyteg, lcfr_eth, minhtrng, p_crypt0, pashov, pedr02b2, philogy, rajatbeladiya, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, seyni, simon135, svskaushik, zuhaibmohd, zzzitron
177.9856 USDC - $177.99
Name shadowing where two or more variables/functions share the same name could be confusing to developers and/or reviewers.
setAddr in Resolver.sol there is shadowing with addr variable that in case a contract inherits from Resolver.sol, when implementing setAddr function interface, they can't access to some functions with the same name but only to the local address variable:
Case addr https://github.com/code-423n4/2022-07-ens/blob/main/contracts/resolvers/Resolver.sol#L43
Case owner variables https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L25 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L33 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L41 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L46 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L60 and the function https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L52
Case resolver variables https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L26 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L34 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L44 and the function https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L54
Case ttl variables https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L27 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L35 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L48 and the function https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol#L56
addr in setAddr to _addr or another alternative name for avoiding shadowingowner to nodeOwner() or getOwner() or the variables owner passed as parameters to _ownerSPDX license should be included for avoiding compiler warnings.
Compilation warnings/errors on https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/registry/ENS.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/IMetadataService.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/StringUtils.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/SHA1.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/digests/Digest.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/algorithm/Algorithm.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/IBaseRegistrar.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/IETHRegistrarController.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol
Add a SPDX License to each file
In interfaces functions are already virtual
The follow function is expliciting including virtual keyword what is not needed in interfaces:
remove the virtual keyword in interfaces
Magic numbers are hardcoded numbers used in the code which are ambiguous to their intended purpose. These should be replaced with constants to make code more readable and maintainable.
values are hardcoded and would be more readable and maintainable if declared as a constant Also they are used in operations with assembly, which is error prone
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L148 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L161 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L187 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L268-270
Replace magic hardcoded numbers with declared constants.
Code that can affect the correct usage of the contract should include events
The setOwner function has no events an it's an important part of the code
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol#L18-L20
Add an event to the function
Events without indexed event parameters make it harder and inefficient for off-chain tools to analyze them.
Indexed parameters (βtopicsβ) are searchable event parameters. They are stored separately from unindexed event parameters in an efficient manner to allow for faster access. This is useful for efficient off-chain-analysis, but it is also more costly gas-wise.
event do not use indexed parameters.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L14 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L15
Consider which event parameters could be particularly useful to off-chain tools and should be indexed.
public visibility in constructors are ignored an throws warning by the compiler
Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol#L18-L20
remove public keyword from constructor
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/Controllable.sol#L11-L14 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol#L18-L20 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L18 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L120-L123 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L125 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L210-L212
ENS directions can be renewed by anyone, not only by the owner, this can create an direction to be locked so nobody can get it
this means that maybe somebody is expecting to get a direction that Alice is holding but left alone or maybe even lost control forever, then the user Mallory that doesn't want to let other users to get the direction pays for it blocking it so Bob can't get control of it
add some short of user control
Constant naming convention is all upper case.
base32HexTable is a constant and should be in UPPER_CASE_WITH_UNDERSCORES as per Solidity Style Guide.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L252 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L252
Rename the constant to all uppercase.
No pragma specified, this may lead to wrong assumptions and deployments and even audits, since pragma version modifies many things
Interface IBaseRegistrar has no pragma version specified
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/IBaseRegistrar.sol
Add pragma version, as I could see in the code, I would suggest ^0.8.4
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L3
Since 0.8.0 ABI coder v2 is activated by default
The pragma pragma experimental ABIEncoderV2; is still valid, but it is deprecated and has no effect.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L3
Consider removing it as it is deprecated and enabled by default. If you want to be explicit, please use pragma abicoder v2; instead.
Name shadowing where two or more variables/functions share the same name could be confusing to developers and/or reviewers
Use of now keyword as a parameter
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L18 variable now
Replace now variable in the function parameter to _now or a similar substitution
Missing Natspec and regular comments affect readability and maintainability of a codebase.
Contracts has partial or full lack of comments
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/Controllable.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol SHA1 is really known, however, library should be as clear as posible, so it should be commented for what is pretended to be used https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L63-L99 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L181-L261 functions and structures not commented https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L270-L272 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/IBaseRegistrar.sol#L44 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/IETHRegistrarController.sol https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol
Add @param descriptors Add @return descriptors Add Natspec comments. Add inline comments. Add comments for what the contract does
Long lines should be wrapped to conform with Solidity Style guidelines.
Lines that exceed the 79 (or 99) character length suggested by the Solidity Style guidelines. Reference: https://docs.soliditylang.org/en/v0.8.10/style-guide.html#maximum-line-length
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L10 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L182 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L201 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L202 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L248 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L449
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/BytesUtil.sol#L35 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/BytesUtil.sol#L41 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L312 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L261 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L252 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L234 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L198 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L187 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L171 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L158 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L145 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L135 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L125-L126 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L115-L116 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L103-L104 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L91 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L44 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil.sol#L11
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L11 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L94 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L120 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L193 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L212 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L260 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L292 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L293 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L296 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L297 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L298 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L301 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L302 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L303 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L319 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L17 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L18 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/algorithm/Algorithm.sol#L17
Comments and lines of code should be wrapped to a maximum of 79 (or 99) characters to help readers easily parse the comments.
Clearness of the code is important for the readiability and manteniability. As Solidity guidelines says about declaration order: 1.Type declarations 2.State variables 3.Events 4.Modifiers 5.Functions
In this case, a constant is declared in the middle of diferent functions
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtil#L252 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L104-L112 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L181-L191 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L200-L210 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L63-83
Follow solidity style guidelines https://docs.soliditylang.org/en/v0.8.15/style-guide.html
Comments says where the private and internal function starts, ordering this is a good practice as improves readiability and manteniability
There is a function that should be included within this block and was forget to move there and can confuse any reader
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L154-L164
Move function _setData with the other internal functions
code that is deprecated may lead to wrong assumptions and should be removed for avoiding future problems of missasumptions
If code is deprecated, it should be remvoed from the code as it is replaced but something else or not used anymore
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/resolvers/Resolver.sol#L35-L36 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/resolvers/Resolver.sol#L79-L86
Remove code that is deprecated
π Selected for report: 0xKitsune
Also found by: 0x040, 0x1f8b, 0x29A, 0xNazgul, 0xNineDec, 0xsam, 8olidity, Aussie_Battlers, Aymen0909, Bnke0x0, CRYP70, Ch_301, Chom, Deivitto, Dravee, ElKu, Fitraldys, Funen, GimelSec, IllIllI, JC, JohnSmith, Lambda, MiloTruck, Noah3o6, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, _Adam, __141345__, ajtra, ak1, arcoun, asutorufos, benbaessler, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, delfin454000, durianSausage, fatherOfBlocks, gogo, hake, hyh, joestakey, karanctf, kyteg, lcfr_eth, lucacez, m_Rassska, rajatbeladiya, rbserver, robee, rokinot, sach1r0, sahar, samruna, sashik_eth, seyni, simon135, zuhaibmohd
44.3038 USDC - $44.30
Not using the named return variables when a function returns wastes deployment gas
There are functions that includes returns(type variableName) and then doesn't use that variableName that had been initialised. This consumes gas.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L94-L96 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L744-L752
returns variable ignored wastes extra gas, remove them or assigned them
Custom errors reduce 38 gas if the condition is met and 22 gas otherwise. Also reduces contract size and deployment costs.
Since version 0.8.4 the use of custom errors rather than revert() / require() saves gas as noticed in https://blog.soliditylang.org/2021/04/21/custom-errors/ https://github.com/code-423n4/2022-04-pooltogether-findings/issues/13
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/Controllable.sol#L16-L20 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L60-L63 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L85-L88 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L107-L110 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L176 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L177-L180 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L195-L198 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L199 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L200-L203 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L215-L218 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L248 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L249 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L250-L253 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L290-L293 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/BytesUtil.sol#L28 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/BytesUtil.sol#L42 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L99-L102 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L137-L140 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L196-L199 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L232-L235 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L238-L241 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L242 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L259-L262
replace each require by an error
using > 0 costs 6 more gas than != 0 when used on a require() statement as negative numbers are not allowed in uint values
uint variables can't go negative so it can be improved the gas
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/BytesUtil.sol#L44 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L245 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L98
replace > 0 to != 0 for extra gas savings by each time is called the condition
duplicated require() / revert() checks should be refactored to a modifier or function to save gas
Event appears twice and can be reduced
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L12 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L235
refactor this checks to different functions to save gas
for loops doens't need to initialize loop indexes to 0 as it is the default uint value this saves gas
Multiple initializations on loop's index to 0
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L92 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L205 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/StringUtils.sol#L14 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L56 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L266 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L313 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L310 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L256
Don't initialise the index
The default value of the uints is 0
Not initializing to 0 explicitly saves gas on variable declarations
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/StringUtils.sol#L12 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/INameWrapper.sol#L16 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L264 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L50 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L63 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L181 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L200
Don't initialise uint variables to 0
the order in structs affects memory and gas usage
there are several structs with no order on the variable types
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L73-L83 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L104-L112
put together all the same data types
++i costs less gas than i++, especially when it's used in for loops
using ++i doesn't affect the flow of regular for loops and improves gas cost
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/StringUtils.sol#L12 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L266 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L313 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L256
Substitute to ++variableName when posible
--i costs less gas than i--
i-- is used within a while loop and can be optimised to --i
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L235 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L241
replace i-- to --i
unchecked operations as the ++i on for loops are cheaper than checked one. If they are not supposed to reach the maximum value, they don't need to check for overflow
Gas can be optimised
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L92-L94 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/ERC1155Fuse.sol#L205-L220 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/StringUtils.sol#L14-L31 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L266-L275 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L256-L267
add unchecked ++i at the end of all the for loop where it's not expected to overflow and remove them from the for header
loop length variables assigned to a local variable improves gas usage
loop length is used without a uint variable
assign lengths to local variable for loops or when they are used several times
variables that can be constant should be constant for gas usage
variable is only assigned 1 so should be constant
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/DNSSEC.sol#L7
assigned it to constant
If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function.
Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.
The extra opcodes avoided are: CALLVALUE (2), DUP1 (3), ISZERO (3), PUSH2 (3), JUMPI (10), PUSH1 (3), DUP1 (3), REVERT(0), JUMPDEST (1), POP (2), which costs an average of about 21 gas per call to the function, in addition to the extra deployment cost
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/Controllable.sol#L11-L14 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/Owned.sol#L18-L20
It's suggested to add payable to functions guaranteed to revert when called by normal users to improve gas costs