Platform: Code4rena
Start Date: 05/04/2022
Pot Size: $30,000 USDC
Total HM: 10
Participants: 47
Period: 3 days
Judge: gzeon
Total Solo HM: 4
Id: 106
League: ETH
Rank: 45/47
Findings: 1
Award: $42.14
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xkatana, CertoraInc, FSchmoede, Funen, IllIllI, Kenshin, Meta0xNull, TerrierLover, Tomio, csanuragjain, joshie, obront, rayn, rfa, robee, saian, securerodd, sorrynotsorry, t11s, z3s
42.1423 USDC - $42.14
< is cheaper than <=
Proof of Concept: https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L146-L148 https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L171-L172
Recommended Mitigation Steps:
Change from <= to <:
require(interestRate < loan.perAnumInterestRate, 'NFTLoanFacilitator: rate too high');
========================================================================
!=0 is more gas efficient than < 0
Proof of Concept: https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L198 https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L321
Recommended Mitigation Steps:
Change > 0 or < 0 to != 0
========================================================================
calldata
to store struct data type can save gas
Proof of Concept: https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L332
Recommended Mitigation Steps: Change to:
function loanInfoStruct(uint256 loanId) external view override returns (Loan calldata) {
========================================================================