Back to NoamYakov's contests

AbraNFT contest - NoamYakov's results

A peer to peer lending platform, using NFTs as collateral.

General Information

Platform: Code4rena

Start Date: 27/04/2022

Pot Size: $50,000 MIM

Total HM: 6

Participants: 59

Period: 5 days

Judge: 0xean

Id: 113

League: ETH

Abracadabra Money

Findings Distribution

Researcher Performance

Rank: 54/59

Findings: 1

Award: $46.34

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAbracadabra Money

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s

Awards

46.3405 MIM - $46.34

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Unnecessary checked arithmetic in for loops

There is no risk of overflow caused by increments to the iteration index in for loops (the i++ in for (uint256 i = 0; i < numIterations; i++)). Increments perform overflow checks that are not necessary in this case.

Recommendation

Surround the increment expressions with an unchecked { ... } block to avoid the default overflow checks. For example, change the loop

for (uint256 i = 0; i < numIterations; i++) {
	// ...
}

to

for (uint256 i = 0; i < numIterations;) {
	// ...
	unchecked { i++; }
}

It is a little less readable but it saves a significant amount of gas.

Unnecessary SLOADs and MLOADs in for-each loops

There are many for loops that follows this for-each pattern:

for (uint256 i = 0; i < array.length; i++) {
	// do something with `array[i]`
}

In such for loops, the array.length is read on every iteration, instead of caching it once in a local variable and read it from there. Storage reads are much more expensive than reading local variables. Memory reads are a bit more expensive than reading local variables.

Recommendation

Read these values from storage / memory once, cache them in local variables and then read them again from the local variables. For example:

uint256 length = array.length;
for (uint256 i = 0; i < length; i++) {
	// do something with `array[i]`
}

Prefix increments / decrements are cheaper than postfix increments / decrements

Use prefix increments / decrements (++x / --x) instead of postfix increments / decrements (x++ / x--).

Recommendation

Change all postfix increments / decrements to prefix increments / decrements.

#0 - cryptolyndon

2022-05-13T22:40:19Z

Re the first one, we use a compiler version that uses unchecked math by default. The other two, as noted elsewhere, I would be very surprised if the optimizer did not catch but I haven't checked.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter