The Graph L2 bridge contest - KoKo's results

A protocol for indexing and querying blockchain data.

General Information

Platform: Code4rena

Start Date: 07/10/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 62

Period: 5 days

Judge: 0xean

Total Solo HM: 2

Id: 169

League: ETH

The Graph

Findings Distribution

Researcher Performance

Rank: 59/62

Findings: 1

Award: $20.79

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository The Graph

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xNazgul, 0xSmartContract, 0xdeadbeef, B2, Bnke0x0, Deivitto, ElKu, Jujic, KoKo, Pheonix, RaymondFam, RedOneN, RockingMiles, Rolezn, Saintcode_, Shinchan, TomJ, Tomio, __141345__, ajtra, aysha, c3phas, carlitox477, catchup, delfin454000, emrekocak, erictee, fatherOfBlocks, gerdusx, gianganhnguyen, gogo, martin, mcwildy, medikko, oyc_109, pedr02b2, rbserver, ret2basic, rotcivegaf, saian, sakman, zishansami

Awards

20.7905 USDC - $20.79

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

CONSTANTS SHOULD BE MARKED AS `IMMUTABLE` OR `CONSTANT`

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L29

DO NOT USE BOOLEANS, USE UINTS INSTEAD (0 AND 1 FOR EXAMPLE)

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Pausable.sol#L8
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Pausable.sol#L10

DON’T COMPARE BOOLEAN EXPRESSIONS TO BOOLEAN LITERALS

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L214

STRING LONGER THAN 32 BYTES INCUR OVERHEAD

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L105
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L142-L145

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphUpgradeable.sol#L32

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/GraphTokenGateway.sol#L19-L22

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L53

PACK STORAGE VARIABLES IN FEWER SLOTS

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Pausable.sol#L8

STATE VARIABLES SHOULD BE CACHED IN STACK VARIABLES RATHER THAN RE-READING THEM FROM STORAGE

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Governed.sol#L55-L66

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Pausable.sol#L27-L34
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Pausable.sol#L41-L48

FUNCTIONS GUARANTEED TO REVERT WHEN CALLED BY NORMAL USERS CAN BE MARKED PAYABLE

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/L2GraphToken.sol#L80
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/L2GraphToken.sol#L90

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Governed.sol#L40

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L52
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L56

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphUpgradeable.sol#L50

USE MULTIPLE REQUIRE STATEMENTS INSTEAD OF ONE TO SAVE GAS (`&&`)

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L142

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L142-L145

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Governed.sol#L54-L57

<X < Y + 1> is cheaper than <X <= Y>

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L95

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L224
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L275

USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE DEPLOYMENT GAS

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L105
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L141
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxy.sol#L157

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L60
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L94
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L95
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L115

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Governed.sol#L24
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Governed.sol#L54-L57

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/arbitrum/L1ArbitrumMessenger.sol#L100

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphProxyStorage.sol#L62

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/L2GraphToken.sol#L36
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/L2GraphToken.sol#L49
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/L2GraphToken.sol#L70

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L44
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L49
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L53
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/governance/Managed.sol#L104

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphUpgradeable.sol#L24
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/upgrades/GraphUpgradeable.sol#L32

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/GraphTokenGateway.sol#L19-L22
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/GraphTokenGateway.sol#L40

INLINE FUNCTION WHERE POSSIBLE

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/gateway/L2GraphTokenGateway.sol#L286

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/L1GraphTokenGateway.sol#L290

https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/l2/token/GraphTokenUpgradeable.sol#L195

The Graph L2 bridge contest - KoKo's results

A protocol for indexing and querying blockchain data.

General Information

Findings Distribution

Researcher Performance

External Links

[G-10] Gas Report - $20.79

Findings Information

Awards

Labels

External Links

CONSTANTS SHOULD BE MARKED AS IMMUTABLE OR CONSTANT

DO NOT USE BOOLEANS, USE UINTS INSTEAD (0 AND 1 FOR EXAMPLE)

DON’T COMPARE BOOLEAN EXPRESSIONS TO BOOLEAN LITERALS

STRING LONGER THAN 32 BYTES INCUR OVERHEAD

PACK STORAGE VARIABLES IN FEWER SLOTS

STATE VARIABLES SHOULD BE CACHED IN STACK VARIABLES RATHER THAN RE-READING THEM FROM STORAGE

FUNCTIONS GUARANTEED TO REVERT WHEN CALLED BY NORMAL USERS CAN BE MARKED PAYABLE

USE MULTIPLE REQUIRE STATEMENTS INSTEAD OF ONE TO SAVE GAS (&&)

<X < Y + 1> is cheaper than <X <= Y>

USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE DEPLOYMENT GAS

INLINE FUNCTION WHERE POSSIBLE

CONSTANTS SHOULD BE MARKED AS `IMMUTABLE` OR `CONSTANT`

USE MULTIPLE REQUIRE STATEMENTS INSTEAD OF ONE TO SAVE GAS (`&&`)