Platform: Code4rena
Start Date: 13/12/2021
Pot Size: $75,000 USDC
Total HM: 11
Participants: 30
Period: 7 days
Judge: leastwood
Total Solo HM: 4
Id: 68
League: ETH
Rank: 21/30
Findings: 1
Award: $336.92
Selected for report: 4
Solo Findings: 0
10.2787 USDC - $10.28
Jujic
For example, in the BasketFacet contract you could use ++i to save gas since it is more efficient than i++.
#0 - 0xleastwood
2022-01-23T22:15:36Z
Duplicate of #108
Selected for report: Jujic
Jujic
Each function that is part of a contract's external interface is part of the function dispatch, i.e., every time a contract is called, it goes through a switch statement (a set of eq ... JUMPI blocks in EVM) matching the selector of each externally available function with the chosen function selector (the first 4 bytes of calldata). This means that any unnecessary function that is part of the contract's external interface will lead to more gas for (almost) every single function call to the contract. There are several cases where constants were made public. This is unnecessary; the constants can simply be read from the verified contract, i.e., it is unnecessary to expose them with a public function.
Remix
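Added illustration (not part of the submission or the audited code base): a simplified Python model of the dispatch described above, assuming a purely linear chain of selector comparisons tested in ascending selector order. The selector values and every function name in the table are constructed placeholders, and the fixed cost of extracting the selector from calldata is left out.

```python
# Simplified model of EVM selector dispatch (added example, constructed data).
# Gas of the opcodes in one compare-and-branch case:
# DUP1, PUSH4 <selector>, EQ, PUSH2 <dest>, JUMPI.
OPCODE_GAS = {"DUP1": 3, "PUSH4": 3, "EQ": 3, "PUSH2": 3, "JUMPI": 10}
CASE_COST = sum(OPCODE_GAS.values())  # gas per selector tested

# Constructed selectors (NOT real 4-byte values) mapped to hypothetical
# signatures. CONST_A()/CONST_B() stand for getters of public constants.
TABLE = {
    0x0A000000: "CONST_A()",
    0x2B000000: "doWork()",
    0x4C000000: "CONST_B()",
    0x6D000000: "doMoreWork(uint256)",
}


def dispatch_cost(table, selector):
    """Gas spent on comparisons until `selector` matches.

    Assumption: cases are tested one by one in ascending selector order.
    """
    for tested, candidate in enumerate(sorted(table), start=1):
        if candidate == selector:
            return tested * CASE_COST
    raise KeyError(f"no function with selector {selector:#010x}")


def saving_per_function(table, removed_signatures):
    """Per-call gas saved for each remaining function once the given
    signatures are dropped from the external interface."""
    slim = {s: sig for s, sig in table.items() if sig not in removed_signatures}
    return {
        sig: dispatch_cost(table, s) - dispatch_cost(slim, s)
        for s, sig in slim.items()
    }


if __name__ == "__main__":
    savings = saving_per_function(TABLE, {"CONST_A()", "CONST_B()"})
    for sig, saved in savings.items():
        print(f"{sig}: {saved} gas saved per call")
```

In this model each getter that sorts ahead of a function adds one comparison case to every call of that function, so the saving grows with the number of getters removed.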
Selected for report: Jujic
Jujic
The getLock() function takes a large LibBasketStorage.basketStorage() object but can only use the lockBlock field of the struct.
It should be more efficient to only pass LibBasketStorage.basketStorage().lockBlock as the parameter.
Remix
Selected for report: Jujic
Jujic
Some gas can be saved by avoiding the token assignment in the calcTokensForAmount() loop.
Change:
IERC20 token = bs.tokens[i];
uint256 tokenBalance = balance(address(token));
to
uint256 tokenBalance = balance(address(bs.tokens[i]));
Jujic
Various functions across contracts are never called from within contracts yet are declared public. Their visibility can be made external to save gas.
As described in https://mudit.blog/solidity-gas-optimization-tips/: "For all the public functions, the input parameters are copied to memory automatically, and it costs gas. If your function is only called externally, then you should explicitly mark it as external. External function's parameters are not copied into memory but are read from calldata directly. This small optimization in your solidity code can save you a lot of gas when the function input parameters are huge."
Remix
Change function visibility from public to external
35.2492 USDC - $35.25
Jujic
Contract CallFacet does not need to import CallProtection.sol because it already has the protectedCall modifier.
Remix
Consider reviewing all the unused imports and removing them to reduce the size of the contract and thus save some deployment gas.
#0 - 0xleastwood
2022-01-24T09:29:07Z
Duplicate of #13
21.1495 USDC - $21.15
Jujic
uint256 lastFeeClaimed = bs.lastAnnualizedFeeClaimed; // time in the chargeOutstandingAnnualizedFee()
uint256 timePassed = block.timestamp.sub(lastFeeClaimed);
We recommend not using SafeMath for this operation.
#0 - 0xleastwood
2022-01-23T22:21:26Z
Duplicate of #106