Rigor Protocol contest - Tomio's results

Community lending and instant payments for new home construction.

General Information

Platform: Code4rena

Start Date: 01/08/2022

Pot Size: $50,000 USDC

Total HM: 26

Participants: 133

Period: 5 days

Judge: Jack the Pug

Total Solo HM: 6

Id: 151

League: ETH

Rigor Protocol

Researcher Performance

Rank: 83/133

Findings: 2

Award: $62.34

🌟 Selected for report: 0

🚀 Solo Findings: 0

Title: Custom errors from Solidity 0.8.4 are cheaper than revert strings

Impact: Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met) while providing the same amount of information

Custom errors are defined using the error statement. Reference: https://blog.soliditylang.org/2021/04/21/custom-errors/

Proof of Concept: Tasks.sol#L124 Community.sol (various lines)

Recommended Mitigation Steps: Replace require statements with custom errors.


Title: Default value initialization

Impact: If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0 etc depending on the data type). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

Proof of Concept: Tasks.sol#L181 Community.sol#L624 Project.sol#L412

Recommended Mitigation Steps: Remove explicit initialization for default values.


Title: Using unchecked and prefix increment is more effective for gas saving

Proof of Concept: Tasks.sol#L181 Community.sol#L624

Recommended Mitigation Steps: Change to:

for (uint256 i = 0; i < _length;) {
    _alerts[i] = _self.alerts[i];
    unchecked { ++i; }
}

Title: Gas savings for using solidity 0.8.10

Proof of Concept: all contracts

Recommended Mitigation Steps: Consider upgrading the pragma to at least 0.8.10.

Solidity 0.8.10 has a useful change which reduced gas costs of external calls. Reference: here


Title: Using multiple require instead of && can save gas

Proof of Concept: Community.sol#L353-L357 Disputes.sol#L107

Recommended Mitigation Steps:

require(_lendingNeeded >= _communityProject.totalLent, "Community::invalid lending");
require(_lendingNeeded <= IProject(_project).projectCost(), "Community::invalid lending");

Title: Comparison operators

Proof of Concept: Community.sol#L353-L357 Community.sol#L792

Recommended Mitigation Steps: Replace <= with <, and >= with > for gas optimization


Title: Using != is more gas efficient in require statement

Proof of Concept: Community.sol#L764 Project.sol#L195 Disputes.sol#L107

Recommended Mitigation Steps: Change to !=

require(_repayAmount != 0, "Community::!repay");

Title: Using unchecked can save gas

Proof of Concept: Community.sol#L794 (because of require() L#792) Community.sol#L798 (because of if() L#785) Project.sol#L427 (because of if() L#425) Project.sol#L616 (because of if() L#614)

Recommended Mitigation Steps: Use unchecked
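
The pattern behind this finding, as an added example that is not code from the Rigor contracts: an unchecked subtraction is only safe because a guard immediately before it bounds the operands, and the same reasoning covers the unchecked loop counter recommended earlier. The contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Added illustration only. All names are hypothetical, not from Rigor.
contract RepayExample {
    // Custom errors (Solidity >= 0.8.4) replace revert strings and can
    // carry the values that failed the check.
    error ZeroRepay();
    error RepayExceedsDebt(uint256 repayAmount, uint256 owed);

    mapping(address => uint256) public debt;

    function lend(address borrower, uint256 amount) external {
        // Left checked: nothing bounds `amount`, so overflow must revert.
        debt[borrower] += amount;
    }

    function repay(address borrower, uint256 repayAmount) external {
        if (repayAmount == 0) revert ZeroRepay();

        uint256 owed = debt[borrower];
        // Guard: establishes repayAmount <= owed for the block below.
        if (repayAmount > owed) revert RepayExceedsDebt(repayAmount, owed);

        unchecked {
            // Cannot underflow because of the guard directly above.
            // If that guard is removed or loosened in a later change,
            // this wraps around to a huge debt instead of reverting.
            debt[borrower] = owed - repayAmount;
        }
    }

    function totalDebt(address[] calldata borrowers)
        external
        view
        returns (uint256 sum)
    {
        uint256 length = borrowers.length;
        for (uint256 i; i < length; ) {
            // Left checked: no guard bounds the running sum.
            sum += debt[borrowers[i]];
            // i < length, so i is below the uint256 maximum and ++i cannot overflow.
            unchecked { ++i; }
        }
    }
}
```

When reviewing such a change, confirm that the guard and the unchecked block operate on the same variables and that no state change can occur between them.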


Title: Consider making constants private to save gas

Proof of Concept: Project.sol#L60

Recommended Mitigation Steps: I suggest changing the visibility from public to internal or private

