Back to Satyam_Sharma's contests

Frax Ether Liquid Staking contest - Satyam_Sharma's results

A liquid ETH staking derivative designed to uniquely leverage the Frax Finance ecosystem.

General Information

Platform: Code4rena

Start Date: 22/09/2022

Pot Size: $30,000 USDC

Total HM: 12

Participants: 133

Period: 3 days

Judge: 0xean

Total Solo HM: 2

Id: 165

League: ETH

Frax Finance

Findings Distribution

Researcher Performance

Rank: 127/133

Findings: 1

Award: $12.81

๐ŸŒŸ Selected for report: 0

๐Ÿš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryFrax Finance

Findings Information

๐ŸŒŸ Selected for report: pfapostol

Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami

Awards

12.811 USDC - $12.81

Labels

bug
G (Gas Optimization)
edited-by-warden

External Links

Link to GitHub issue

ISSUE 1. Do not shrink Variables ..Use uint256 instead of using uint in L151...

repo: https://github.com/code-423n4/2022-09-frax/blob/main/src/OperatorRegistry.sol#L151

explanation: This means that if you use uint, EVM has to first convert it uint256 to work on it and the conversion costs extra gas! You may wonder, What were the devs thinking? Why did they create smaller variables then? The answer lies in packing. In solidity, you can pack multiple small variables into one slot, but if you are defining a lone variable and canโ€™t pack it, itโ€™s optimal to use a uint256 rather than uint.

for further...https://mudit.blog/solidity-gas-optimization-tips/... 2) uint8 is not always cheaper than uint256

Issue 2.

Wrong require statement declared as sfrxeth_recieved in L79 already declared as uint256 hence it get never less than 0 ..

    uint256 sfrxeth_recieved = sfrxETHToken.deposit(msg.value, recipient);
    require(sfrxeth_recieved > 0, 'No sfrxETH was returned');

....instead of using >(greater than)operator use !=(not equal to)operator..

repohttps://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L79

same as in L126..instead of using >(greater than)operator use !=(not equal to)operator

repo: https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L126

Issue 3.

Do not initialize withheld_amt = 0 ..Every variable assignment in Solidity costs gas. When initializing variables, we often waste gas by assigning default values that will never be used.

uint256 withheld_amt; is cheaper than uint256 withheld_amt = 0;.

repo: https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L94

Issue 4.

Use revert instead of using require statement as it will save you a more gas... By using Custom error rather than using require will save you a gas..

https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L66 https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L68

https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L77-L78

https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L79 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L126 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L167 https://github.com/code-423n4/2022-09-frax/blob/main/src/OperatorRegistry.sol#L182 https://github.com/code-423n4/2022-09-frax/blob/main/src/OperatorRegistry.sol#L137 https://github.com/code-423n4/2022-09-frax/blob/main/src/OperatorRegistry.sol#L182

Use custom error where ever possible as it will save You a much more gas..

refernce: https://0xmacro.com/blog/solidity-gas-optimizations-cheat-sheet/ ..7.Use custom errors to save deployment and runtime costs in case of revert.

ISSUE 5. Using the indexed keyword for value types such as uint, bool, and address saves gas costs, as seen in the example below. However, this is only the case for value types, whereas indexing bytes and strings are more expensive than their unindexed version.

https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L102-L103

https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L205 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L206 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L207 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L208 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L209 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L210 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L211 https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L212

https://github.com/code-423n4/2022-09-frax/blob/main/src/OperatorRegistry.sol#L208-L214

reference:https://0xmacro.com/blog/solidity-gas-optimizations-cheat-sheet/ point 9.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax ยฉ 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter