Rubicon contest - Tomio's results

An order book protocol for Ethereum, built on L2s.

General Information

Platform: Code4rena

Start Date: 23/05/2022

Pot Size: $50,000 USDC

Total HM: 44

Participants: 99

Period: 5 days

Judge: hickuphh3

Total Solo HM: 11

Id: 129

League: ETH

Researcher Performance

Rank: 87/99

Findings: 1

Award: $34.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

Title: Set as immutable can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/peripheral_contracts/BathBuddy.sol#L31-L33 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/peripheral_contracts/TokenWithFaucet.sol#L12-L13

Recommended Mitigation Steps: These variables are set only once, in the constructor, so they can be declared immutable.

========================================================================

Title: Using unchecked can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/peripheral_contracts/WETH9.sol#L50

Recommended Mitigation Steps: balanceOf[msg.sender] has already been checked to be >= wad, so using unchecked for the subtraction can save gas:

unchecked{ balanceOf[msg.sender] -= wad; }
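The same pattern in a compilable contract, as an added example that is not Rubicon's WETH9.sol: the require guard is what makes the unchecked subtraction safe, so the two must stay together. The contract name and revert strings are hypothetical, and the example assumes Solidity 0.8 or later, where arithmetic is checked by default and the unchecked keyword exists.

```solidity
// SPDX-License-Identifier: MIT
// Added example, not the contest code. Assumes Solidity >=0.8.0, where
// arithmetic reverts on overflow/underflow unless wrapped in `unchecked`.
pragma solidity ^0.8.0;

contract WrappedEtherSketch {
    mapping(address => uint256) public balanceOf;

    event Deposit(address indexed dst, uint256 wad);
    event Withdrawal(address indexed src, uint256 wad);

    receive() external payable {
        deposit();
    }

    function deposit() public payable {
        // Stays checked: nothing above bounds this addition.
        balanceOf[msg.sender] += msg.value;
        emit Deposit(msg.sender, msg.value);
    }

    function withdraw(uint256 wad) external {
        // This guard is the only thing that makes the unchecked block safe.
        // If it is ever removed or weakened, the subtraction below wraps
        // around silently instead of reverting.
        require(balanceOf[msg.sender] >= wad, "insufficient balance");
        unchecked {
            balanceOf[msg.sender] -= wad;
        }
        emit Withdrawal(msg.sender, wad);

        // Balance is already reduced before the external call
        // (checks-effects-interactions), so re-entry sees the new balance.
        (bool ok, ) = msg.sender.call{value: wad}("");
        require(ok, "transfer failed");
    }
}
```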

========================================================================

Title: Using calldata to store struct data type can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L292

Recommended Mitigation Steps:

function getOfferInfo(uint256 id) internal view returns (order calldata) {

========================================================================

Title: Using storage to declare Struct variable inside function

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L299 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L214

Recommended Mitigation Steps:

order storage offerInfo = order(ask_amt, ask_gem, bid_amt, bid_gem);

========================================================================

Title: Unnecessary variable set: the default value of bool is false

Proof of Concept: https://github.com/code-423n4/2022-05-enso/blob/main/contracts/routers/FullRouter.sol#L483

Recommended Mitigation Steps: Remove the explicit false value to save gas.

========================================================================

Title: Using multiple require instead of && can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L471-L477 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L120-L125 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L332-L336

Recommended Mitigation Steps:

require(askNumerators.length == askDenominators.length, "not all input lengths match");
require(askDenominators.length == bidNumerators.length, "not all input lengths match");
require(bidNumerators.length == bidDenominators.length, "not all input lengths match");
require(ids.length == askNumerators.length, "not all input lengths match");

========================================================================

Title: Using == true costs more gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathPair.sol#L148-L152 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathHouse.sol#L372 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathToken.sol#L227-L230

Recommended Mitigation Steps: Using == true to validate a bool variable is unnecessary:

require(
    IBathHouse(bathHouse).isApprovedStrategist(targetStrategist),
    "you are not an approved strategist - bathPair"
);

========================================================================

Title: Using delete statement to empty maxAssets can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathToken.sol#L481 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathToken.sol#L495

Recommended Mitigation Steps:

delete maxAssets;

========================================================================

Title: Using > instead of >= can save gas

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/rubiconPools/BathToken.sol#L722

Recommended Mitigation Steps: A 1 second difference can be ignored in this validation, so using the > operator can save gas.

require(deadline >= block.timestamp, "bathToken: EXPIRED");

========================================================================

Title: Using != is more gas efficient

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconMarket.sol#L400 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconMarket.sol#L402 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconMarket.sol#L918 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconMarket.sol#L942

Recommended Mitigation Steps: Change to !=

require(pay_amt != 0);

========================================================================

Title: Unnecessary variable set: the default value of uint is 0

Proof of Concept: https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconMarket.sol#L990 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L82-L83 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L168

Recommended Mitigation Steps: Remove the explicit 0 value.

========================================================================
