Platform: Code4rena
Start Date: 10/05/2022
Pot Size: $50,000 USDC
Total HM: 13
Participants: 100
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 1
Id: 122
League: ETH
Rank: 64/100
Findings: 2
Award: $61.73
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BondiPestControl
Also found by: 0xf15ers, GimelSec, IllIllI, MadWookie, MiloTruck, Ruhum, VAD37, berndartmueller, cccz, csanuragjain, dipp, hake, horsefacts, jayjonah8, m9800, pedroais, throttle
31.6149 USDC - $31.61
Judge has assessed an item in Issue #164 as Medium risk. The relevant finding follows:
File: Cally.sol#224
require(msg.value >= premium, "Incorrect ETH amount sent");
Using the == operator is 3 gas cheaper than >=. This also keeps people from accidentally overpaying when buying an option.
Summary
Implementing each of these would reduce the deployment cost from 5,431,682 to 5,387,621 and reduce buyOption from 75,765 to 75,013.
#0 - HardlyDifficult
2022-06-01T20:20:10Z
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, 0xsanson, Bludya, BowTiedWardens, CertoraInc, Cityscape, DavidGialdi, FSchmoede, Fitraldys, Funen, Hawkeye, Kenshin, MadWookie, MaratCerby, MiloTruck, Picodes, RagePit, Tadashi, TerrierLover, TomFrenchBlockchain, VAD37, WatchPug, Waze, _Adam, antonttc, bobirichman, catchup, defsec, delfin454000, djxploit, ellahi, fatherOfBlocks, gzeon, hake, hansfriese, hickuphh3, horsefacts, ignacio, joestakey, jonatascm, mics, minhquanym, oyc_109, pmerkleplant, rfa, robee, rotcivegaf, samruna, shung, sikorico, simon135, z3s
30.1234 USDC - $30.12
uint256 premium = getPremium(vaultId);
require(msg.value >= premium, "Incorrect ETH amount sent");
Can become
require(msg.value >= getPremium(vaultId), "Incorrect ETH amount sent");
The variable premium is not needed as it is only used once. Saves 2600 gas in deployment and 12 gas in buyOption().
2. File: Cally.sol#227
uint32 auctionStartTimestamp = vault.currentExpiration;
require(block.timestamp >= auctionStartTimestamp, "Auction not started");
Can become
require(block.timestamp >= vault.currentExpiration, "Auction not started");
The auctionStartTimestamp variable is not needed as vault.currentExpiration is only used once in the function. Saves 1800 gas in deployment and 4 gas in buyOption().
Vault memory vault = _vaults[vaultId];
return premiumOptions[vault.premiumIndex];
Can become
return premiumOptions[_vaults[vaultId].premiumIndex];
This can save quite a bit of gas as the whole Vault struct doesn't have to be copied into memory. 42252 gas is saved on deployment and 733 gas in buyOption() when getPremium() is called.
if (isVaultToken) { _vaultBeneficiaries[id] = address(0); }
Can become
if (id % 2 != 0) { _vaultBeneficiaries[id] = address(0); }
The calculation can be done in the if statement to save 1400 gas on deployment and 13 from transferFrom().
require(msg.value >= premium, "Incorrect ETH amount sent");
Using the == operator is 3 gas cheaper than >=. This also keeps people from accidentally overpaying when buying an option.
Summary
Implementing each of these would reduce the deployment cost from 5,431,682 to 5,387,621 and reduce buyOption from 75,765 to 75,013.
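Added example, not part of the warden's report and not Cally's code: a minimal contract contrasting the >= check quoted at Cally.sol#224 with the exact-match check the finding proposes, using the storage-indexed getPremium() form suggested above. The contract name, buyLoose, buyExact, totalExcess and the sample premiums are assumptions; what Cally itself does with excess ETH is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not Cally's code. Only getPremium, premiumOptions,
// _vaults and premiumIndex are names taken from the page; the rest is hypothetical.
contract PremiumCheckDemo {
    struct Vault {
        uint8 premiumIndex;
    }

    // Constructed sample premiums, in wei.
    uint256[] public premiumOptions = [uint256(0.01 ether), 0.025 ether, 0.05 ether];
    mapping(uint256 => Vault) private _vaults;

    // Hypothetical bookkeeping: ETH this demo received above the premium.
    uint256 public totalExcess;

    constructor() {
        // Constructed sample vault whose premium is 0.025 ether.
        _vaults[1] = Vault({premiumIndex: 1});
    }

    // Indexes storage directly instead of copying the Vault struct to memory.
    function getPremium(uint256 vaultId) public view returns (uint256) {
        return premiumOptions[_vaults[vaultId].premiumIndex];
    }

    // Check as quoted in the finding: any amount at or above the premium passes,
    // so a buyer who sends too much is not stopped.
    function buyLoose(uint256 vaultId) external payable {
        uint256 premium = getPremium(vaultId);
        require(msg.value >= premium, "Incorrect ETH amount sent");
        // In this demo nothing is refunded, so the difference stays here.
        totalExcess += msg.value - premium;
    }

    // Exact-match check proposed in the finding: an overpaying or underpaying
    // call reverts and the caller keeps the ETH (minus gas).
    function buyExact(uint256 vaultId) external payable {
        require(msg.value == getPremium(vaultId), "Incorrect ETH amount sent");
    }
}
```

Calling buyLoose(1) with 1 ether succeeds and raises totalExcess by 0.975 ether, while the same call to buyExact(1) reverts with "Incorrect ETH amount sent".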
#0 - outdoteth
2022-05-16T20:19:20Z
This can be bumped to a medium severity issue: Using == operator is 3 gas cheaper than >=. This also keeps people from accidentally overpaying when buying an option: https://github.com/code-423n4/2022-05-cally-findings/issues/84
#1 - HardlyDifficult
2022-05-31T15:26:21Z