Back to Noah3o6's contests

Nibbl contest - Noah3o6's results

NFT fractionalization protocol with guaranteed liquidity and price based buyout.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 96

Period: 3 days

Judge: HardlyDifficult

Total Solo HM: 5

Id: 140

League: ETH

Findings Distribution

Researcher Performance

Rank: 50/96

Findings: 2

Award: $45.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Nibbl

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron

Awards

28.2781 USDC - $28.28

Labels

bug

QA (Quality Assurance)

sponsor disputed

External Links

Link to GitHub issue

-> USE A MORE RECENT VERSION OF SOLIDITY

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=pragma%20solidity%200.8.10%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Utilities/AccessControlMechanism.sol#:~:text=pragma%20solidity%20%5E0.8.0%3B

#0 - HardlyDifficult
2022-07-04T18:22:31Z

Fair

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 8olidity, ACai, BowTiedWardens, Chandr, Chom, ElKu, Fitraldys, Funen, IgnacioB, JC, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, Randyyy, SmartSek, StErMi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, c3phas, cRat1st0s, catchup, codexploder, cryptphi, defsec, delfin454000, ellahi, exd0tpy, fatherOfBlocks, hansfriese, joestakey, kebabsec, kenta, m_Rassska, minhquanym, oyc_109, pashov, reassor, rfa, robee, sach1r0, saian, sashik_eth, simon135, slywaters, ych18, ynnad, zuhaibmohd

Awards

17.2989 USDC - $17.30

Labels

bug

duplicate

G (Gas Optimization)

External Links

Link to GitHub issue

Whats up guy, here are the potential Gas Optimizations I found:

Using X = X + Y IS CHEAPER THAN X += Y (ALSO X= X - Y IS CHEAPER THAN X -= Y)

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=CURVE_FEE)%20/%20SCALE%20%3B-,feeAccruedCurator%20%2B%3D%20_feeCurator%3B,-//_maxSecondaryBalanceIncrease%3A%20is%20the

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=secondaryReserveBalance%20%2B%3D%20_feeCurve%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=curatorFee)%20/%20SCALE%20%3B-,feeAccruedCurator%20%2B%3D%20_feeCurator%3B,-if(_adminFeeAmt%20%3E

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=secondaryReserveBalance%20%2B%3D%20_lowerCurveDiff%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=unsettledBids%5Bbidder%5D%20%2B%3D%20_buyoutValuationDeposit%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=totalUnsettledBids%20%2B%3D%20_buyoutValuationDeposit%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=primaryReserveBalance%20%2D%3D%20_saleReturn%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=totalUnsettledBids%20%2D%3D%20_amount%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Bancor/BancorFormula.sol#:~:text=xi%20%3D%20(xi,33%20*%20(33!%20/%2033!)

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Bancor/BancorFormula.sol#:~:text=if%20(x%20%3E%3D%200xd3094c70f034de4b96ff7d5b6f99fcd8,add%201%20/%202%5E8

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Bancor/BancorFormula.sol#:~:text=res%20%2B%3D%20z,y%5E16%20/%2016

SPLITTING REQUIRE() STATEMENTS THAT USE && to save gas

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVaultFactory.sol#:~:text=require(basketUpdateTime%20!%3D%200%20%26%26%20block.timestamp%20%3E%3D%20basketUpdateTime%2C%20%22NibblVaultFactory%3A%20UPDATE_TIME%20has%20not%20passed%22)%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Test/TestBancorFormula.sol#:~:text=require(_supply%20%3E%200%20%26%26%20_connectorBalance%20%3E%200%20%26%26%20_connectorWeight%20%3E%200%20%26%26%20_connectorWeight%20%3C%3D%20MAX_WEIGHT)%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Test/TestBancorFormula.sol#:~:text=require(_supply%20%3E%200%20%26%26%20_connectorBalance%20%3E%200%20%26%26%20_connectorWeight%20%3E%200%20%26%26%20_connectorWeight%20%3C%3D%20MAX_WEIGHT%20%26%26%20_sellAmount%20%3C%3D%20_supply)%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Test/TestBancorFormula.sol#:~:text=require(_fromConnectorBalance%20%3E%200%20%26%26%20_fromConnectorWeight%20%3E%200%20%26%26%20_fromConnectorWeight%20%3C%3D%20MAX_WEIGHT%20%26%26%20_toConnectorBalance%20%3E%200%20%26%26%20_toConnectorWeight%20%3E%200%20%26%26%20_toConnectorWeight%20%3C%3D%20MAX_WEIGHT)%3B

++i costs less gas compared to i++ or i += 1

I suggest using ++i instead of i++ to increment the value of an uint variable.

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assetAddresses.length%3B%20i%2B%2B)%20%7B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=Only%20winner%22)%3B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assets.length%3B%20i%2B%2B)%20%7B,-IERC20(_assets%5Bi

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=Only%20winner%22)%3B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assets.length%3B%20i%2B%2B)%20%7B,-uint256%20balance%20%3D

VISIBILITY Reducing from public to private or internal can save gas when a constant isn’t used outside of its contract. I suggest changing the visibility from public to internal or private

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Utilities/AccessControlMechanism.sol#:~:text=bytes32%20public%20constant%20FEE_ROLE%20%3D%20keccak256(%22FEE_ROLE%22)%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Utilities/AccessControlMechanism.sol#:~:text=bytes32%20public%20constant%20PAUSER_ROLE%20%3D%20keccak256(%22PAUSER_ROLE%22)%3B

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Utilities/AccessControlMechanism.sol#:~:text=bytes32%20public%20constant%20IMPLEMENTER_ROLE%20%3D%20keccak256(%22IMPLEMENTER_ROLE%22)%3B

IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assetAddresses.length%3B%20i%2B%2B)

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=Only%20winner%22)%3B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assets.length%3B%20i%2B%2B)%20%7B,-IERC20(_assets%5Bi

https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#:~:text=Only%20winner%22)%3B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20_assets.length%3B%20i%2B%2B)%20%7B,-uint256%20balance%20%3D

#0 - mundhrakeshav
2022-06-26T12:19:30Z

Duplicate #2 #3 #5 #6 #8 #15

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Contests

Get in touch

Contact Twitter