bunker.finance contest - MaratCerby's results

The easiest way to borrow against your NFTs.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 46

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 117

League: ETH

Researcher Performance

Rank: 43/46

Findings: 1

Award: $52.48

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

52.4836 USDC - $52.48

Labels

bug
G (Gas Optimization)

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L24

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_AssetShouldNotBeZeroAddress(); 
.. 
if(_underlying == address(0))
{
	revert CNFT_AssetShouldNotBeZeroAddress();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L25

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error _comptroller_IsNotAComptrollerContract(); 
.. 
if(!ComptrollerInterface(_comptroller).isComptroller())
{
	revert _comptroller_IsNotAComptrollerContract();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L40

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_IdOrAmountsLengthMismatch(); 
.. 
if(tokenIds.length != amounts.length)
{
	revert CNFT_IdOrAmountsLengthMismatch();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L45

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_MintIsNotAllowed(); 
.. 
if(mintAllowedResult != 0)
{
	revert CNFT_MintIsNotAllowed();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L52

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_AmountsMustBeAll1sForNon_ERC1155s(); 
.. 
if(amounts[i] != 1)
{
	revert CNFT_AmountsMustBeAll1sForNon_ERC1155s();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L66

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error NotTheNftOwner(); 
.. 
if(!(checkSuccess && nftOwner == msg.sender))
{
	revert NotTheNftOwner();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L69

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_CallingBuyPunkWasUnsuccessful(); 
.. 
if(!buyPunkSuccess)
{
	revert CNFT_CallingBuyPunkWasUnsuccessful();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L85

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_IdOrAmountsLengthMismatch(); 
.. 
if(seizeIds.length != seizeAmounts.length)
{
	revert CNFT_IdOrAmountsLengthMismatch();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L90

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_SeizeIsNotAllowed(); 
.. 
if(siezeAllowedResult != 0)
{
	revert CNFT_SeizeIsNotAllowed();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L93

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_LiquidatorCannotBeBorrower(); 
.. 
if(borrower == liquidator)
{
	revert CNFT_LiquidatorCannotBeBorrower();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L100

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_AmountsMustBeAll1sForNon_ERC1155s(); 
.. 
if(seizeAmounts[i] != 1)
{
	revert CNFT_AmountsMustBeAll1sForNon_ERC1155s();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L116

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_IdOrAmountsLengthMismatch(); 
.. 
if(tokenIds.length != amounts.length)
{
	revert CNFT_IdOrAmountsLengthMismatch();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L124

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_AmountsMustBeAll1sForNon_ERC1155s(); 
.. 
if(amounts[i] != 1)
{
	revert CNFT_AmountsMustBeAll1sForNon_ERC1155s();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L127

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_NotEnoughNFTsToRedeem(); 
.. 
if(balanceOf(msg.sender, tokenIds[i]) < amounts[i])
{
	revert CNFT_NotEnoughNFTsToRedeem();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L132

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_RedeemIsNotAllowed(); 
.. 
if(redeemAllowedResult != 0)
{
	revert CNFT_RedeemIsNotAllowed();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L148

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_CallingTransferPunkWasUnsuccessful(); 
.. 
if(!transferPunkSuccess)
{
	revert CNFT_CallingTransferPunkWasUnsuccessful();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L182

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_RedeemIsNotAllowed(); 
.. 
if(transferAllowedResult != 0)
{
	revert CNFT_RedeemIsNotAllowed();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L208

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_ThisContractCanOnlyReceiveTheUnderlyingNFT(); 
.. 
if(msg.sender != underlying)
{
	revert CNFT_ThisContractCanOnlyReceiveTheUnderlyingNFT();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L209

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_OnlyTheCNFTContractCanBeTheOperator(); 
.. 
if(operator != address(this))
{
	revert CNFT_OnlyTheCNFTContractCanBeTheOperator();
}

Impact

Recommend upgrading to Solidity 0.8.4, which introduces custom errors. Custom errors save 38 gas if the condition is met and 22 gas otherwise. They also reduce contract size and deployment costs.

Affected code: https://github.com/bunkerfinance/bunker-protocol/tree/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L279

Proof of Concept

https://blog.soliditylang.org/2021/04/21/custom-errors/

Tools Used

Recommended code:

error CNFT_CannotMakeAnArbitraryCallToUnderlyingNFT(); 
.. 
if(to == underlying)
{
	revert CNFT_CannotMakeAnArbitraryCallToUnderlyingNFT();
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L50-L55

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length; ) {
    if (!is1155) {
        require(amounts[i] == 1, "CNFT: Amounts must be all 1s for non-ERC1155s.");
    }
    totalAmount += amounts[i];
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L62-L70

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length; ) {
    bytes memory punkIndexToAddress = abi.encodeWithSignature("punkIndexToAddress(uint256)", tokenIds[i]);
    (bool checkSuccess, bytes memory result) = underlying.staticcall(punkIndexToAddress);
    (address nftOwner) = abi.decode(result, (address));
    require(checkSuccess && nftOwner == msg.sender, "Not the NFT owner");
    bytes memory data = abi.encodeWithSignature("buyPunk(uint256)", tokenIds[i]);
    (bool buyPunkSuccess, ) = underlying.call(data);
    require(buyPunkSuccess, "CNFT: Calling buyPunk was unsuccessful");
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L72-L74

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length; ) {
    IERC721(underlying).safeTransferFrom(msg.sender, address(this), tokenIds[i], "");
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L98-L103

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length;) {
    if (!is1155) {
        require(seizeAmounts[i] == 1, "CNFT: Amounts must be all 1s for non-ERC1155s.");
    }
    totalAmount += seizeAmounts[i];
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L122-L128

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length;) {
    if (!is1155) {
        require(amounts[i] == 1, "CNFT: Amounts must be all 1s for non-ERC1155s.");
    }
    totalAmount += amounts[i];
    require(balanceOf(msg.sender, tokenIds[i]) >= amounts[i], "CNFT: Not enough NFTs to redeem");
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L145-L149

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length; ) {
    bytes memory data = abi.encodeWithSignature("transferPunk(address,uint256)", msg.sender, tokenIds[i]);
    (bool transferPunkSuccess, ) = underlying.call(data);
    require(transferPunkSuccess, "CNFT: Calling transferPunk was unsuccessful");
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L151-L153

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * length gas. Recommended code:

for (uint256 i; i < length; ) {
    IERC721(underlying).safeTransferFrom(address(this), msg.sender, tokenIds[i], "");
    unchecked {i++;}
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/CNft.sol#L176-L178

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * vars.length gas. Recommended code:

for (uint256 i; i < vars.length;) {
    vars.totalAmount += amounts[i];
    unchecked {i++;}   
}

Impact

Solidity 0.8.0 enabled SafeMath-style checks by default for every arithmetic operation. To reduce gas usage, the unchecked keyword is recommended for the counter increment in the for loop. It saves 49 gas per iteration.

Affected code: https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ERC1155Enumerable.sol#L51-L69

Proof of Concept

https://docs.soliditylang.org/en/v0.8.13/080-breaking-changes.html#:~:text=Arithmetic%20operations

Tools Used

Saves 49 * ids.length gas. Recommended code:

for (uint256 i; i < ids.length;) {
    uint256 amount = amounts[i];
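    if (amount == 0) {
        // Advance the counter before skipping; otherwise continue re-runs the same index forever.
        unchecked {i++;}
        continue;
    }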

    uint256 id = ids[i];
    if (from == address(0)) {
        totalSupply += amount;
    } else if (balanceOf(from, id) == amount) {
        fromTokens.remove(id);
    }

    if (to == address(0)) {
        totalSupply -= amount;
    } else if (balanceOf(to, id) == 0) {
        toTokens.add(id);
    }
    unchecked {i++;} 
}
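
The two recommendations above combined into one compilable contract, as an added example that is not code from the report or from bunker-protocol; the contract, function and error names are hypothetical. It also covers the `continue` case, where moving the increment out of the loop header means every skip path has to advance the counter itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors need 0.8.4 or later

// Added illustration; contract, function and error names are hypothetical.
contract BatchChecks {
    // A custom error reverts with a 4-byte selector plus ABI-encoded
    // arguments instead of an ABI-encoded revert string.
    error LengthMismatch(uint256 idsLength, uint256 amountsLength);
    error AmountMustBeOne(uint256 index, uint256 amount);

    // Before: revert strings and a checked i++ on every iteration.
    function sumWithRequire(
        uint256[] calldata ids,
        uint256[] calldata amounts,
        bool is1155
    ) external pure returns (uint256 total) {
        require(ids.length == amounts.length, "ids/amounts length mismatch");
        for (uint256 i = 0; i < amounts.length; i++) {
            if (amounts[i] == 0) continue; // i++ in the header still runs
            if (!is1155) {
                require(amounts[i] == 1, "amounts must be all 1s");
            }
            total += amounts[i];
        }
    }

    // After: custom errors and an unchecked increment.
    function sumWithCustomErrors(
        uint256[] calldata ids,
        uint256[] calldata amounts,
        bool is1155
    ) external pure returns (uint256 total) {
        uint256 length = amounts.length;
        if (ids.length != length) revert LengthMismatch(ids.length, length);
        for (uint256 i = 0; i < length; ) {
            uint256 amount = amounts[i];
            if (amount == 0) {
                // The increment now lives in the body, so every path that
                // skips ahead must bump i itself or the loop never ends.
                unchecked { ++i; }
                continue;
            }
            if (!is1155 && amount != 1) revert AmountMustBeOne(i, amount);
            total += amount; // stays checked: a sum of inputs can overflow
            // i < length <= type(uint256).max, so ++i cannot wrap.
            unchecked { ++i; }
        }
    }
}
```

Only the counter increment is wrapped in `unchecked`; the accumulation into `total` keeps the compiler's overflow check because its operands come from the caller.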
