Back to TerrierLover's contests

LI.FI contest - TerrierLover's results

Bridge & DEX Aggregation.

General Information

Platform: Code4rena

Start Date: 24/03/2022

Pot Size: $75,000 USDC

Total HM: 15

Participants: 59

Period: 7 days

Judge: gzeon

Id: 103

League: ETH

LI.FI

Findings Distribution

Researcher Performance

Rank: 55/59

Findings: 1

Award: $70.70

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLI.FI

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, ACai, CertoraInc, FSchmoede, Funen, Hawkeye, IllIllI, Jujic, Kenshin, PPrieditis, Picodes, SolidityScan, TerrierLover, Tomio, WatchPug, catchup, csanuragjain, defsec, dimitri, hake, hickuphh3, kenta, minhquanym, obront, peritoflores, rayn, rfa, robee, saian, samruna, tchkvsky, teryanarmen, ych18

Awards

70.6981 USDC - $70.70

Labels

bug
G (Gas Optimization)
resolved

External Links

Link to GitHub issue

Use uint256 instead of uint8 at for loop at Swapper.sol and HopFacet.sol

Target codebase

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/Swapper.sol#L14

for (uint8 i; i < _swapData.length; i++) {
    require(
        ls.dexWhitelist[_swapData[i].approveTo] == true && ls.dexWhitelist[_swapData[i].callTo] == true,
        "Contract call not allowed!"
    );

    LibSwap.swap(_lifiData.transactionId, _swapData[i]);
}

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L48-L50

for (uint8 i; i < _tokens.length; i++) {
    s.hopBridges[_tokens[i]] = _bridgeConfigs[i];
}

Usage of uint8 increases the gas fee. If switching this to uint256 is possible for the product, it can reduce the gas fee.

Proposed implementations

Just use uint256 instead of uint8.

for (uint256 i; i < _swapData.length; i++) {
    require(
        ls.dexWhitelist[_swapData[i].approveTo] == true && ls.dexWhitelist[_swapData[i].callTo] == true,
        "Contract call not allowed!"
    );

    LibSwap.swap(_lifiData.transactionId, _swapData[i]);
}

for (uint256 i; i < _tokens.length; i++) {
    s.hopBridges[_tokens[i]] = _bridgeConfigs[i];
}

Gas improvements

Gas fees of methods and deployments are decreased by using uint256 instead of uint8.

Methods - average gas change

ContractMethodsBeforeAfterChange
AnyswapFacetswapAndStartBridgeTokensViaAnyswap238904238872-32
CBridgeFacetswapAndStartBridgeTokensViaCBridge315598315557-41
DiamondCutFacetdiamondCut252812252800-12
GenericSwapFacetswapTokensGeneric254149254108-41
HopFacetstartBridgeTokensViaHop215293215289-4
HopFacetswapAndStartBridgeTokensViaHop357016356975-41
NXTPFacetswapAndStartBridgeTokensViaNXTP357455357414-

Deployments - average gas change

ContractBeforeAfterChange
HopFacet14826241476996-5628
NXTPFacet17545441750853-3691

== true check is not needed at _executeSwaps function in Swapper.sol

Target codebase

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/Swapper.sol#L16

require(
    ls.dexWhitelist[_swapData[i].approveTo] == true && ls.dexWhitelist[_swapData[i].callTo] == true,
    "Contract call not allowed!"
);

When checking boolean value, it does not need to check == true.

Proposed implementations

Following code has same meaning.

require(
    ls.dexWhitelist[_swapData[i].approveTo] && ls.dexWhitelist[_swapData[i].callTo],
    "Contract call not allowed!"
);

Gas improvements

Confirmed that the gas fees of deployments and methods decreased.

Usage of != 0 instead of > 0 can reduce the gas fee slightly

Target codebase

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L109 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/AnyswapFacet.sol#L92 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/AnyswapFacet.sol#L105 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L105 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/CBridgeFacet.sol#L116 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/NXTPFacet.sol#L98 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibAsset.sol#L67 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L84 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L102 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L121 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L189 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L196 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L212

Proposed implementations

Use != 0 instead of > 0. Example code is as follows:

require(contractSize != 0, _errorMessage);

Gas improvements

Confirmed that the gas fees of deployments and methods decreased.

Avoid using == true or == false at DexManagerFacet.sol

Target codebase

Where == true is used

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DexManagerFacet.sol#L20

if (s.dexWhitelist[_dex] == true) {
    return;
}

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DexManagerFacet.sol#L34

if (s.dexWhitelist[_dexs[i]] == true) {
    continue;
}

Where == false is used

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DexManagerFacet.sol#L47

if (s.dexWhitelist[_dex] == false) {
    return;
}

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DexManagerFacet.sol#L66

if (s.dexWhitelist[_dexs[i]] == false) {
    continue;
}

Proposed implementations

Where == true is used

if (s.dexWhitelist[_dex]) {
    return;
}

if (s.dexWhitelist[_dexs[i]]) {
    continue;
}

Where == false is used

if (!s.dexWhitelist[_dex]) {
    return;
}

if (!s.dexWhitelist[_dexs[i]]) {
    continue;
}

Gas improvements

Confirmed that the gas fees of deployments and methods slightly decreased.

#0 - H3xept

2022-04-05T07:37:39Z

Re: uint8 -> uint256

Fixed in lifinance/lifi-contracts@3c1558ef50a19cfbbdd6d616d18322dae0bef6ba

#1 - H3xept

2022-04-11T11:54:04Z

Re uintx to uint256

Duplicate of #196

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter