Platform: Code4rena
Start Date: 29/07/2022
Pot Size: $50,000 USDC
Total HM: 6
Participants: 75
Period: 5 days
Judge: GalloDaSballo
Total Solo HM: 3
Id: 149
League: ETH
Rank: 34/75
Findings: 2
Award: $88.02
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: oyc_109
Also found by: 0x1f8b, 0x52, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, IllIllI, JC, Lambda, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Twpony, Waze, Yiko, __141345__, ajtra, apostle0x01, ashiq0x01, asutorufos, bardamu, benbaessler, berndartmueller, bharg4v, bulej93, c3phas, cccz, ch13fd357r0y3r, codexploder, cryptonue, cryptphi, defsec, djxploit, durianSausage, fatherOfBlocks, gogo, hansfriese, horsefacts, ignacio, kyteg, lucacez, mics, rbserver, robee, sashik_eth, simon135, sseefried, tofunmi, xiaoming90
56.8019 USDC - $56.80
#1 Missing indexed field refundAddress
Each event should use three indexed fields if there are three or more fields. Add indexed to refundAddress.
#2 Missing contract check before low level call
Low-level calls return success if there is no code present at the specified address. In addition to the zero-address checks, add a check to verify that <address>.code.length > 0.
#3 Missing address check when assigning values to address state variables
Add a simple check to ensure the address is not 0.
#4 Missing check that TokenAddress can't be zero
To transfer a token, the receiver address must exist. Add a simple check to ensure the receiver address is not 0.
#5 Multiple mappings can be combined into a single mapping of an address to a struct
Map the address to a struct.
#6 Use a recent pragma solidity
Use a Solidity version of at least 0.8.12 to get string.concat() to be used instead of abi.encodePacked(<str>,<str>).
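Finding #2 above, shown as an added Solidity example (not part of the warden's submission or of the audited code; the contract, function and error names are hypothetical): a low-level call to an address without code reports success, and the checked form rejects such targets before calling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

// Added example with hypothetical names; not code from the audited repository.
contract LowLevelCallDemo {
    error NotAContract(address target);
    error CallFailed(address target);

    // Unchecked form: if `token` has no code (zero address, an EOA, a
    // self-destructed or not-yet-deployed contract), the EVM call succeeds
    // with empty return data, so a transfer that never ran looks successful.
    function uncheckedTransfer(address token, address to, uint256 amount)
        external
        returns (bool)
    {
        (bool success, ) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );
        return success; // true even when `token` has no code
    }

    // Checked form: refuse targets without code, then validate the result.
    // The code-length check also covers the zero address, which has no code.
    function checkedTransfer(address token, address to, uint256 amount) external {
        if (token.code.length == 0) revert NotAContract(token);

        (bool success, bytes memory data) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );

        // Accept tokens that return nothing as well as tokens that return true;
        // reject a reverted call or an explicit `false`.
        if (!success || (data.length != 0 && !abi.decode(data, (bool)))) {
            revert CallFailed(token);
        }
    }
}
```

Note that code.length is also 0 while a contract's constructor is still executing, so this check establishes that code exists at call time, not that the target is a deployed token.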
#0 - GalloDaSballo
2022-09-04T21:03:36Z
NC
L
L
Disputed as lists are separate
NC
2L 2NC
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xNazgul, 0xsam, 8olidity, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, JC, Lambda, MiloTruck, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, benbaessler, bharg4v, bulej93, c3phas, defsec, djxploit, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, kyteg, lucacez, medikko, mics, owenthurm, oyc_109, rbserver, robee, sashik_eth, simon135, tofunmi
31.222 USDC - $31.22
#1 Cache the authModule.code.length and tokenDeployerImplementation.code.length
Caching authModule.code.length and tokenDeployerImplementation.code.length in memory can reduce the gas fee, because mload is cheaper than sload.
#2 Cache limits.length
Caching limits.length in memory can reduce the gas fee, because mload is cheaper than sload.
#3 Cache symbols.length
Cache symbols.length because it is used multiple times. Reading with mload is cheaper than sload.
#4 Looping
The default uint value is 0, so removing the unnecessary explicit initialization can reduce gas. Caching the array length can reduce gas, because accessing a local variable is cheaper than querying storage / calldata / memory in Solidity. Pre-increment (e.g. ++i) costs less gas than post-increment (e.g. i++). I suggest using pre-increment.
#5 Cache setupParams.length
Caching setupParams.length in memory can reduce the gas fee, because mload is cheaper than sload.
#6 Use calldata instead of memory
In external functions where the function argument is read-only, the function has an input parameter that uses memory. If the function doesn't change the parameter, it's cheaper to use calldata than memory, so we suggest changing it.
#7 Cache commands.length and params.length
Caching commands.length and params.length in memory can reduce the gas fee, because mload is cheaper than sload.
#8 Use storage instead of memory
Use storage instead of memory to reduce the gas fee. I suggest changing this.
#9 Cache symbolBytes.length
Caching symbolBytes.length in memory can reduce the gas fee, because mload is cheaper than sload.
#10 Inefficient Epoch code
The epoch code is inefficient; just change this to save more gas:
uint256 epoch = currentEpoch + 1; currentEpoch = epoch;
to
currentEpoch += 1;
#11 Default uint
The default value of uint is 0, so remove unnecessary explicit initializations of default values, e.g. change uint i = 0; to uint i;.
#12 Caching LocalAsset(xc20Token)
Cache LocalAsset(xc20Token) because it is used multiple times. Reading with mload is cheaper than sload.
#0 - GalloDaSballo
2022-08-25T01:42:12Z
This has got to be a bot submission, the length is the length of the code
300 for the loops, rest is honestly just wrong
#1 - GalloDaSballo
2022-08-25T01:42:23Z
Will penalize this submission down to 100 gas
#2 - GalloDaSballo
2022-08-25T01:43:00Z