Back to MaratCerby's contests

OpenSea Seaport contest - MaratCerby's results

A marketplace contract for safely and efficiently creating and fulfilling orders for ERC721 and ERC1155 items.

General Information

Platform: Code4rena

Start Date: 20/05/2022

Pot Size: $1,000,000 USDC

Total HM: 4

Participants: 59

Period: 14 days

Judge: leastwood

Id: 128

League: ETH

OpenSea

Findings Distribution

Researcher Performance

Rank: 42/59

Findings: 1

Award: $450.19

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryOpenSea

Findings Information

🌟 Selected for report: Dravee

Also found by: 0x1f8b, 0x29A, 0xalpharush, Chom, Czar102, Hawkeye, IllIllI, MaratCerby, MiloTruck, NoamYakov, OriDabush, RoiEvenHaim, Spearbit, Tadashi, TerrierLover, TomJ, asutorufos, cccz, cmichel, csanuragjain, defsec, delfin454000, djxploit, ellahi, foobar, gzeon, hake, hickuphh3, ignacio, ilan, joestakey, kaden, mayo, ming, oyc_109, peritoflores, rfa, sach1r0, sashik_eth, shung, sirhashalot, twojoy, zer0dot, zkhorse

Awards

450.1873 USDC - $450.19

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Impact

[1] Using --x uses 5 less gas than x--.

Affected code:

  1. https://github.com/code-423n4/2022-05-opensea-seaport/tree/main/contracts/lib/OrderCombiner.sol#L229

Proof of Concept

Tools Used

Impact

[2] Using ++x uses 5 less gas than x += 1.

Affected code:

  1. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderCombiner.sol#L490
  2. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderCombiner.sol#L515

Proof of Concept

Tools Used

Impact

[3] Consider using named constant instead of recalculating value on each function execution.

Affected code:

  1. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L143
  2. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L146
  3. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L150
  4. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L162
  5. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L175
  6. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L193
  7. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L205
  8. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L208
  9. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationBase.sol#L211

Proof of Concept

Tools Used

Impact

[4] Consider tightly pack the struct.

  • Some fields could use smaller types such as uint32 for timestamps and uint64 for nonces, identifiers.
  • Try reordering struct addresses to go together with smaller uints so they could fit into 32 bytes slots. It will significantly gas-efficient in storage read/write operations.

Affected code:

  1. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L22-L34
  2. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L45-L51
  3. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L58-L65
  4. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L84-L90
  5. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L100-L121
  6. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L139-L152
  7. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L198-L204
  8. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/ConsiderationStructs.sol#L225-L228

Proof of Concept

Tools Used

Impact

[5] It is possible to combine iterations in for-loop from 0 to min(orderParameters.consideration.length, orderParameters.offer.length) And then second for-loop from min(orderParameters.consideration.length, orderParameters.offer.length) to max(orderParameters.consideration.length, orderParameters.offer.length)

Affected code:

  1. https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/CriteriaResolution.sol#L181-L206

Proof of Concept

Tools Used

#0 - HardlyDifficult

2022-06-26T15:55:57Z

Using --x uses 5 less gas than x--. Using ++x uses 5 less gas than x += 1.

These should offer small savings.

Consider using named constant instead of recalculating value on each function execution.

These instances impact the constructor only. Since end-users are not impacted it's not clear these are worthwhile changes to make.

Consider tightly pack the struct.

Packing can offer a non-trivial savings.

It is possible to combine iterations in for-loop from 0 to min(orderParameters.consideration.length, orderParameters.offer.length)

This would complicate the implementation and not offer much of a savings. It's not clear this is a worthwhile change to consider.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter