Back to Tomio's contests

Connext Amarok contest - Tomio's results

The interoperability protocol of L2 Ethereum.

General Information

Platform: Code4rena

Start Date: 08/06/2022

Pot Size: $115,000 USDC

Total HM: 26

Participants: 72

Period: 11 days

Judge: leastwood

Total Solo HM: 14

Id: 132

League: ETH

Connext

Findings Distribution

Researcher Performance

Rank: 63/72

Findings: 1

Award: $119.85

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryConnext

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, BowTiedWardens, ElKu, Fitraldys, Funen, Kaiziron, Lambda, Metatron, MiloTruck, Randyyy, Ruhum, SmartSek, TomJ, Tomio, UnusualTurtle, Waze, _Adam, apostle0x01, asutorufos, c3phas, catchup, csanuragjain, defsec, fatherOfBlocks, hansfriese, hyh, ignacio, joestakey, k, kaden, nahnah, oyc_109, rfa, robee, sach1r0, simon135, slywaters

Awards

119.8548 USDC - $119.85

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Title: Using SafeMath for solidity >0.8

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L45 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/AmplificationUtils.sol#L15

Recommended Mitigation Steps: it's better to remove using SafeMath for uint256 for solidity >0.8 reference: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2465

Title: Caching length for loop can save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L150

Recommended Mitigation Steps: Change to:

    uint256 Length = tokenAddresses.length;
    for (uint256 i = 0; i < Length; i++) {

Title: Using != is more gas efficient

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L150 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol#L369

Recommended Mitigation Steps: Change to !=

    require(baseTokenPrice != 0, "invalid base token");

Title: Using unchecked and prefix increment is more effective for gas saving:

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L176 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol#L1055

Recommended Mitigation Steps:

    for (uint256 i = 0; i < tokenAddresses.length;) {
      aggregators[tokenAddresses[i]] = AggregatorV3Interface(sources[i]);
      emit AggregatorUpdated(tokenAddresses[i], sources[i]);
    	unchecked{
        ++i; //@audit-info: Place here with unchecked
        }
      }
  }

Title: Using multiple require instead && can save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol#L397 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol#L1007 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/StableSwap.sol#L84-L87

Recommended Mitigation Steps: Change to:

	require(tokenIndexFrom < numTokens, "Tokens must be in pool");
	require(tokenIndexTo < numTokens, "Tokens must be in pool");

Title: Reduce the size of error messages (Long revert Strings)

Impact: Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition is met. Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol#L121 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol#L123 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol#L139 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol#L141 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol#L236

Recommended Mitigation Steps: Consider shortening the revert strings to fit in 32 bytes

Title: Custom errors from Solidity 0.8.4 are cheaper than revert strings

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/LibDiamond.sol https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol

Recommended Mitigation Steps: I suggest replacing revert strings with custom errors. reference: https://blog.soliditylang.org/2021/04/21/custom-errors/

Title: Comparison operators

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/SwapUtils.sol#L925 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/libraries/AmplificationUtils.sol#L84-L85

Recommended Mitigation Steps: Replace <= with <, and >= with > for gas opt

Title: using delete statement can save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/promise/PromiseRouter.sol#L251

Recommended Mitigation Steps: Change to:

    delete callbackFees[transferId];

Title: Gas improvement on returning sponsoredFee value

Proof of Concept: https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/Controller.sol#L121-L130

Recommended Mitigation Steps: by set sponsoredFee in returns and delete L#201 can save gas

 function reimburseLiquidityFees(
    address _token,
    uint256 _liquidityFee,
    address _receiver
  ) external override onlyConnext returns (uint256 sponsoredFee) { //@audit-info: set here
     //@audit-info: remove this line

    if (address(tokenExchanges[_token]) != address(0)) {
      uint256 currentBalance = address(this).balance;
      ITokenExchange tokenExchange = tokenExchanges[_token];

      uint256 amountIn = tokenExchange.getInGivenExpectedOut(_token, _liquidityFee);
      amountIn = currentBalance >= amountIn ? amountIn : currentBalance;

      // sponsored fee may end being less than _liquidityFee due to slippage
      sponsoredFee = tokenExchange.swapExactIn{value: amountIn}(_token, msg.sender);
    } else {
      uint256 balance = IERC20(_token).balanceOf(address(this));
      sponsoredFee = balance < _liquidityFee ? balance : _liquidityFee;

      // some ERC20 do not allow to transfer 0 amount
      if (sponsoredFee > 0) {
        IERC20(_token).safeTransfer(msg.sender, sponsoredFee);
      }
    }

    emit ReimburseLiquidityFees(_token, sponsoredFee, _receiver);

    return sponsoredFee;
  }

Title: Use of uint8 in for loop increases gas costs

Proof of Concept: https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L48

Recommended Mitigation Steps: Change from uint8 to uint256

Title: Prefix increments are cheaper than postfix increments.

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/DiamondLoupeFacet.sol#L31

Recommended Mitigation Steps: Change i++ to ++i

Title: Use routerBalance that already been cache instead

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/PortalFacet.sol#L108

Recommended Mitigation Steps: Change to:

	routerBalance -= amountIn;

Title: Using unchecked can save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/PortalFacet.sol#L147

Recommended Mitigation Steps: Because of the condition in L#146

unchecked{
  uint256 missing = total - amount;
}

Title: Consider make constant as private to save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/BridgeFacet.sol#L68

Recommended Mitigation Steps: I suggest changing the visibility from public to internal or private

Title: Declare total inside for loop can save gas

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/RelayerFacet.sol#L163

Recommended Mitigation Steps: can save 3 gas

for (uint256 i; i < _transferIds.length; ) {
      uint256 totall; //@audit-info: set here
      total += s.relayerFees[_transferIds[i]];
      s.relayerFees[_transferIds[i]] = 0;
      unchecked {
        i++;
      }
    }

Title: Default value initialization

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/VersionFacet.sol#L16 https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/facets/BridgeFacet.sol#L68

Recommended Mitigation Steps: Remove explicit initialization for default values.

Title: >= is cheaper than >

Impact: Strict inequalities (>) are more expensive than non-strict ones (>=). This is due to some supplementary checks (ISZERO, 3 gas)

Proof of Concept: https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/SponsorVault.sol#L256-L258

Recommended Mitigation Steps: Consider using >= instead of > to avoid some opcodes

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter