Platform: Code4rena
Start Date: 29/07/2022
Pot Size: $50,000 USDC
Total HM: 6
Participants: 75
Period: 5 days
Judge: GalloDaSballo
Total Solo HM: 3
Id: 149
League: ETH
Rank: 67/75
Findings: 1
Award: $31.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xsam, 8olidity, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, JC, Lambda, MiloTruck, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, benbaessler, bharg4v, bulej93, c3phas, defsec, djxploit, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, kyteg, lucacez, medikko, mics, owenthurm, oyc_109, rbserver, robee, sashik_eth, simon135, tofunmi
31.8812 USDC - $31.88
Title: Gas savings for using solidity 0.8.10
Proof of Concept: all contract
Recommended Mitigation Steps: Consider upgrading the pragma to at least 0.8.10.
Solidity 0.8.10 has a useful change which reduced gas costs of external calls. Reference: here
Title: abi.encode() is less efficient than abi.encodePacked()
Proof of Concept: AxelarAuthWeighted.sol#L32
Title: Default value initialization
Impact: If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0 etc depending on the data type). Explicitly initializing it with its default value is an anti-pattern and wastes gas.
Proof of Concept: AxelarAuthWeighted.sol#L68-L69 AxelarAuthWeighted.sol#L94-L98
Recommended Mitigation Steps: Remove explicit initialization for default values.
Title: Using unchecked and prefix increment is more effective for gas saving:
Proof of Concept: AxelarAuthWeighted.sol#L69 AxelarAuthWeighted.sol#L98 AxelarDepositService.sol#L114 AxelarDepositService.sol#L168 AxelarDepositService.sol#L204 AxelarGasService.sol#L123
Recommended Mitigation Steps: Change to:
    for (uint256 i = 0; i < weightsLength;) {
        // ...
        unchecked { ++i; }
    }
Title: Cheaper to use ++ instead of + 1
Proof of Concept: https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L636
Recommended Mitigation Steps:
uint256 epoch = ++currentEpoch;
Title: Caching length for loop can save gas
Proof of Concept: AxelarDepositService.sol#L114 AxelarDepositService.sol#L168 AxelarDepositService.sol#L204 AxelarAuthWeighted.sol#L116 AxelarGasService.sol#L123
Recommended Mitigation Steps: Change to:
    uint256 Length = refundTokens.length;
    for (uint256 i; i < Length; i++) {
        // ...
    }
Title: Comparison operators
Proof of Concept: AxelarAuthWeighted.sol#L117
Recommended Mitigation Steps:
Replace <= with <, and >= with > for gas optimization
Title: Expression for constant values such as a call to keccak256(), should use immutable rather than constant
Proof of Concept: AxelarGateway.sol#L27-L43
Recommended Mitigation Steps:
Change from constant to immutable
reference: here
#0 - re1ro
2022-08-05T05:41:40Z
Good spot
Not applicable abi.encode() is less secure than abi.encodePacked()
Dup #2
Dup #113
#1 - GalloDaSballo
2022-08-23T01:13:37Z
Nope, constant / immutable save the same gas (except minor gas during deployment) https://twitter.com/GalloDaSballo/status/1543729080926871557
Rest will save less than 300 gas