Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 53/59
Findings: 1
Award: $47.00
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BowTiedWardens
Also found by: 0x1f8b, 0xNazgul, 0xf15ers, 0xkatana, CertoraInc, Funen, GimelSec, Hawkeye, IllIllI, Kulk0, NoamYakov, Tadashi, Tomio, TrungOre, antonttc, catchup, defsec, delfin454000, fatherOfBlocks, gzeon, horsefacts, joestakey, kenta, oyc_109, pauliax, reassor, robee, samruna, simon135, slywaters, sorrynotsorry, z3s
47.002 MIM - $47.00
Details: constant USE_VALUE2 (L566 of NFTPair.sol and L599 of NFTPairWithOracle.sol) is not used. It can be removed to save gas during deployment.
Details: EVM instruction set does not have an opcode for less than or equal, so L494 of NFTPair.sol can be changed to for (uint256 k = 1; k < COMPOUND_INTEREST_TERMS; k++) { to optimize gas costs.
Mutatis mutandis, the same applies to L527 of NFTPairWithOracle.sol.
Remark: also note that k++ can be changed to ++k to economize even more execution gas.
Details: Apply the following changes to avoid using && and improve gas usage:
Change L622 from NFTPair.sol and L655 from NFTPairWithOracle.sol to:
require(callee != address(bentoBox), "NFTPair: can't call"); require(callee != address(collateral), "NFTPair: can't call"); require(callee != address(this), "NFTPair: can't call");
Change L188-191 from NFTPair.sol to
require(params.duration >= cur.duration, "NFTPair: worse params"); require(params.valuation <= cur.valuation, "NFTPair: worse params"); require(params.annualInterestBPS <= cur.annualInterestBPS, "NFTPair: worse params");
Change L205-211 from NFTPairWithOracle.sol to
require(params.duration >= cur.duration, "NFTPair: worse params"); require(params.valuation <= cur.valuation, "NFTPair: worse params"); require(params.annualInterestBPS <= cur.annualInterestBPS, "NFTPair: worse params"); require(params.ltvBPS <= cur.ltvBPS, "NFTPair: worse params");
Change L283-288 from NFTPair.sol to
require(params.valuation == accepted.valuation, "NFTPair: bad params"); require(params.duration <= accepted.duration, "NFTPair: bad params"); require(params.annualInterestBPS >= accepted.annualInterestBPS, "NFTPair: bad params");
Change L312-318 from NFTPairWithOracle.sol to
require(params.valuation == accepted.valuation, "NFTPair: bad params"); require(params.duration <= accepted.duration, "NFTPair: bad params"); require(params.annualInterestBPS >= accepted.annualInterestBPS, "NFTPair: bad params"); require(params.ltvBPS >= accepted.ltvBPS, "NFTPair: bad params");
Remark: I only recommend these optimizations if AbraNFT gives proper documentation for the errors NFTPair: can't call , NFTPair: worse params, and NFTPair: bad params. Otherwise, developers may miss one of the conditions when debugging a reverted transaction.
Details:
i++ can be replaced by ++i in the loop of L641 of NFTPair.soli++ can be replaced by ++i in the loop of L674 of NFTPairWithOracle.solk++ can be replaced by ++k in the loop of L494 of NFTPair.solk++ can be replaced by ++k in the loop of L527 of NFTPairWithOracle.sol#0 - cryptolyndon
2022-05-14T00:42:48Z
Seen, thank you