Back to Tomio's contests

LI.FI contest - Tomio's results

Bridge & DEX Aggregation.

General Information

Platform: Code4rena

Start Date: 24/03/2022

Pot Size: $75,000 USDC

Total HM: 15

Participants: 59

Period: 7 days

Judge: gzeon

Id: 103

League: ETH

LI.FI

Findings Distribution

Researcher Performance

Rank: 57/59

Findings: 1

Award: $65.42

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLI.FI

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, ACai, CertoraInc, FSchmoede, Funen, Hawkeye, IllIllI, Jujic, Kenshin, PPrieditis, Picodes, SolidityScan, TerrierLover, Tomio, WatchPug, catchup, csanuragjain, defsec, dimitri, hake, hickuphh3, kenta, minhquanym, obront, peritoflores, rayn, rfa, robee, saian, samruna, tchkvsky, teryanarmen, ych18

Awards

65.4185 USDC - $65.42

Labels

bug
G (Gas Optimization)
resolved

External Links

Link to GitHub issue
  1. > 0 is less efficient than != 0

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/AnyswapFacet.sol#L92 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/NXTPFacet.sol#L98

Recommended Mitigation Steps: Change to:

require(_postSwapBalance != 0, "ERR_INVALID_AMOUNT");

========================================================================

  1. Use of uint8 in for loop increases gas costs

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L48

Recommended Mitigation Steps: Change uint8 to uint256

========================================================================

  1. changing i++ to ++i can save gas

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L48 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DiamondLoupeFacet.sol#L24 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/DexManagerFacet.sol#L33

Recommended Mitigation Steps: Change i++ to ++i

========================================================================

  1. != 0 is a cheaper operation compared to > 0, when dealing with uint

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L121 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L189 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L196 https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Libraries/LibDiamond.sol#L212

Recommended Mitigation Steps: Replace > with ! =

========================================================================

  1. the best way to use SafeERC20.function for gas opt

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/WithdrawFacet.sol#L9

Recommended Mitigation Steps: by not declaring:

using SafeERC20 for IERC20;

and use:

SafeERC20.safeTransfer(IERC20(_assetAddress), sendTo, _amount);

========================================================================

#0 - H3xept

2022-04-01T14:43:04Z

  1. fixed by lifinance/lifi-contracts@6da5fff8550d5b1fd46c08a9133422e8e5cd4b6d

#1 - H3xept

2022-04-01T14:44:05Z

  1. We discussed this internally and decided not to implement prefix increments for now.

#2 - H3xept

2022-04-01T14:45:14Z

  1. Fixed by lifinance/lifi-contracts@3c1558ef50a19cfbbdd6d616d18322dae0bef6ba

#3 - H3xept

2022-04-11T11:11:23Z

Re > 0 is less efficient than != 0

Duplicate of #100

#4 - H3xept

2022-04-11T11:54:23Z

Re uintx to uint256

Duplicate of #196

#5 - H3xept

2022-04-11T12:02:19Z

Re prefix increments

We internally decided to avoid previx increments for now.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter