Nested Finance contest - Tomio's results

The one-stop Defi app to build, manage and monetize your portfolio.

General Information

Platform: Code4rena

Start Date: 10/02/2022

Pot Size: $30,000 USDC

Total HM: 5

Participants: 24

Period: 3 days

Judge: harleythedog

Total Solo HM: 3

Id: 86

League: ETH

Nested Finance

Researcher Performance

Rank: 17/24

Findings: 1

Award: $121.76

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

121.765 USDC - $121.76

Labels

bug
G (Gas Optimization)
sponsor confirmed

  1. considered using require instead of && can save gas https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L123 // gas cost 35473

Change to:

require(accountsLength != 0);
require(accountsLength == _weights.length, "FS: INPUTS_LENGTH_MUST_MATCH");

// gas cost 35465

========================================================================

  2. considered add unchecked can save gas https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L327 // gas cost 22798

add unchecked

unchecked { return (_amount * _weight) / _totalWeights; }

// gas cost 22440

========================================================================

  3. avoid unnecessary i = 0 because the default of uint is already 0 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L126

considered removing 0 value can save gas

========================================================================

  4. SafeERC20 Gas Optimization https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L19 by not declaring this
using SafeERC20 for IERC20;

and for example, use this:

SafeERC20.safeTransfer(IERC20(_inputToken), _msgSender(), _amountToSpend - amounts[1]);

========================================================================

  5. just read it directly to storage can save gas https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L279 // gas cost 24794

Change to:

Shareholder[] storage shareholdersCache = shareholders;

// gas cost 24684

========================================================================

  6. the original function will return 0 which a default value for uint256 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L216 // gas cost 24940

Change to:

function getAmountDue(address _account, IERC20 _token) public view returns (uint256) {
    TokenRecords storage _tokenRecords = tokenRecords[address(_token)];
    if (_tokenRecords.totalShares != 0) {
        uint256 totalReceived = _tokenRecords.totalReleased + _token.balanceOf(address(this));
        return (totalReceived * _tokenRecords.shares[_account]) / _tokenRecords.totalShares - _tokenRecords.released[_account];
    }
    // Falls through when totalShares == 0: the unnamed uint256 return value defaults to 0.
}

// gas cost 24919

========================================================================
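The `unchecked` wrapper proposed in item 2 changes behaviour as well as gas: in Solidity 0.8.x it turns an overflowing `_amount * _weight` from a revert into a silent wraparound. The contract below is an added illustration, not code from the report or from the Nested Finance repository; the contract name `WeightShareDemo`, its function names and the input values are hypothetical, and Solidity 0.8.x is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; all names here are hypothetical.
contract WeightShareDemo {
    /// Default 0.8.x arithmetic: the multiplication reverts with
    /// Panic(0x11) when _amount * _weight does not fit in 256 bits.
    function shareChecked(uint256 _amount, uint256 _weight, uint256 _totalWeights)
        public pure returns (uint256)
    {
        return (_amount * _weight) / _totalWeights;
    }

    /// The form proposed in item 2: the product wraps modulo 2**256
    /// instead of reverting. Division by zero still reverts
    /// (Panic 0x12); unchecked does not disable that check.
    function shareUnchecked(uint256 _amount, uint256 _weight, uint256 _totalWeights)
        public pure returns (uint256)
    {
        unchecked {
            return (_amount * _weight) / _totalWeights;
        }
    }

    /// True when the two forms disagree for these inputs, i.e. when
    /// the product overflows uint256.
    function wouldWrap(uint256 _amount, uint256 _weight) public pure returns (bool) {
        return _weight != 0 && _amount > type(uint256).max / _weight;
    }

    /// Constructed inputs: amount = 2**255, weight = 2, totalWeights = 2.
    /// 2**255 * 2 equals 2**256, which is 0 modulo 2**256.
    function demo() external view returns (bool checkedReverted, uint256 uncheckedResult) {
        uint256 amount = 1 << 255;
        // External self-call so the Panic can be caught with try/catch.
        try this.shareChecked(amount, 2, 2) returns (uint256) {
            checkedReverted = false;
        } catch {
            checkedReverted = true;
        }
        uncheckedResult = this.shareUnchecked(amount, 2, 2);
    }
}
```

The two forms agree exactly when `wouldWrap` is false, so the wrapper only preserves behaviour where the callers' inputs are known to stay below that bound.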

#0 - adrien-supizet

2022-02-16T12:49:41Z

  1. confirmed
  2. already acknowledged in the first audit -> disputed
  3. disputed, this change makes no difference
  4. confirmed, see POC: e59dfe4dd55326867489fbd2ef53899a56eb37d4
  5. disputed, this actually increases gas consumption
  6. acknowledged

#1 - harleythedogC4

2022-03-13T04:03:25Z

My personal judgments:

  1. "considered using require instead of && can save gas". Valid and small-optimization.
  2. "considered add unchecked can save gas". Agree with sponsor. Invalid.
  3. "avoid unnecessary i = 0 because the default of uint is already 0". This arose in the previous contest. Invalid.
  4. "SafeERC20 Gas Optimization". Valid and small-optimization.
  5. "just read it directly to storage can save gas". Seems like it can either decrease or increase gas usage depending on the array. Invalid.
  6. "the original function will return 0 which a default value for uint256". Valid and small-optimization.

#2 - harleythedogC4

2022-03-13T06:23:00Z

Now, here is the methodology I used for calculating a score for each gas report. I first assigned each submission to be either small-optimization (1 point), medium-optimization (5 points) or large-optimization (10 points), depending on how useful the optimization is. The score of a gas report is the sum of these points, divided by the maximum number of points achieved by a gas report. This maximum number was 10 points, achieved by #67.

The number of points achieved by this report is 3 points. Thus the final score of this gas report is (3/10)*100 = 30.
