Back to Sathish9098's contests

Forgeries contest - Sathish9098's results

A protocol for on-chain games with NFT prizes on Ethereum.

General Information

Platform: Code4rena

Start Date: 13/12/2022

Pot Size: $36,500 USDC

Total HM: 5

Participants: 77

Period: 3 days

Judge: gzeon

Total Solo HM: 1

Id: 191

League: ETH

Forgeries

Findings Distribution

Researcher Performance

Rank: 54/77

Findings: 1

Award: $25.95

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryForgeries

Findings Information

🌟 Selected for report: c3phas

Also found by: 0x1f8b, Aymen0909, Bnke0x0, Bobface, IllIllI, PaludoX0, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Sathish9098, adriro, chaduke, codeislight, ctrlc03, indijanc, izhelyazkov, kuldeep, nadin, neko_nyaa, nicobevi, rvierdiiev, shark

Awards

25.9485 USDC - $25.95

Labels

bug
G (Gas Optimization)
grade-b
G-13

External Links

Link to GitHub issue

[GAS-1] Use uint256 instead of uint32 . uint256 is consume less gas than uint32

A smart contract's gas consumption can be higher if developers use items that are less than 32 bytes in size because the Ethereum Virtual Machine can only handle 32 bytes at a time. In order to increase the element's size to the necessary size, the EVM has to perform additional operations.

File: 2022-12-forgeries/src/utils/Version.sol

  5:    uint32 private immutable __version;

 13:  constructor(uint32 version) {

2022-12-forgeries/src/VRFNFTRandomDraw.sol

 22:  uint32 immutable callbackGasLimit = 200_000;

[GAS-2] Use uint256 instead of uint16 . uint256 consume less gas than uint16

2022-12-forgeries/src/VRFNFTRandomDraw.sol

  24:   uint16 immutable minimumRequestConfirmations = 3;

  26:    uint16 immutable wordsRequested = 1;

[GAS-3] instead of using operator && on single require or if checks . using double REQUIRE OR IF checks can save more gas.

2022-12-forgeries/src/VRFNFTRandomDraw.sol

      if (
        request.hasChosenRandomNumber &&
        // Draw timelock not yet used
        request.drawTimelock != 0 &&
        request.drawTimelock > block.timestamp
       )

[GAS-4] FUNCTIONS GUARANTEED TO REVERT WHEN CALLED BY NORMAL USERS CAN BE MARKED PAYABLE

If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided. The extra opcodes avoided are CALLVALUE(2),DUP1(3),ISZERO(3),PUSH2(3),JUMPI(10),PUSH1(3),DUP1(3),REVERT(0),JUMPDEST(1),POP(2), which costs an average of about 21 gas per call to the function, in addition to the extra deployment cost.

2022-12-forgeries/src/VRFNFTRandomDraw.sol

 203:  function redraw() external onlyOwner returns (uint256) {

 304 :  function lastResortTimelockOwnerClaimNFT() external onlyOwner {

[ GAS-5]

GAS-1 Use assembly to check for address(0) 3 GAS-2 Use calldata instead of memory for function arguments that do not get mutated 4

#0 - c4-judge

2022-12-17T17:44:03Z

gzeon-c4 marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter