Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $75,000 USDC
Total HM: 16
Participants: 100
Period: 7 days
Judge: LSDan
Total Solo HM: 7
Id: 145
League: ETH
Rank: 53/100
Findings: 2
Award: $119.44
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 8olidity, Aussie_Battlers, Bnke0x0, Ch_301, Critical, Deivitto, Dravee, ElKu, Funen, GimelSec, JC, JohnSmith, Lambda, MiloTruck, PwnedNoMore, ReyAdmirado, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, TomJ, Waze, _Adam, __141345__, alan724, asutorufos, benbaessler, berndartmueller, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, cryptphi, csanuragjain, delfin454000, dxdv, exd0tpy, fatherOfBlocks, gogo, hake, hyh, joestakey, kyteg, lcfr_eth, minhtrng, p_crypt0, pashov, pedr02b2, philogy, rajatbeladiya, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, seyni, simon135, svskaushik, zuhaibmohd, zzzitron
79.4817 USDC - $79.48
Decreases readability.
Manual Review
Change the word iff to if.
The NatSpec comment is missing the i1 and i2 function parameters.
Manual review
Add NatSpec comments for the function parameters i1 and i2.
The contract has 2 functions with similar names but different parameters, which may introduce errors in future refactoring and review of the code.
Remix
Avoid similar function names. We suggest verifyRRSet and _verifyRRSet.
The code can't run.
Remix
Add pragma solidity >=0.8.4;
The NatSpec comment is missing the resolver function parameter.
Remix
Add a NatSpec comment for the function parameter resolver.
metadataService can't be initialized.
Remix
Add immutable to metadataService to initialize the state.
The event is missing indexed fields.
Manual Review
Add indexed to owner.
The NatSpec comment is missing the expiry function parameter.
Remix
Add a NatSpec comment for the function parameter expiry.
🌟 Selected for report: 0xKitsune
Also found by: 0x040, 0x1f8b, 0x29A, 0xNazgul, 0xNineDec, 0xsam, 8olidity, Aussie_Battlers, Aymen0909, Bnke0x0, CRYP70, Ch_301, Chom, Deivitto, Dravee, ElKu, Fitraldys, Funen, GimelSec, IllIllI, JC, JohnSmith, Lambda, MiloTruck, Noah3o6, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, _Adam, __141345__, ajtra, ak1, arcoun, asutorufos, benbaessler, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, delfin454000, durianSausage, fatherOfBlocks, gogo, hake, hyh, joestakey, karanctf, kyteg, lcfr_eth, lucacez, m_Rassska, rajatbeladiya, rbserver, robee, rokinot, sach1r0, sahar, samruna, sashik_eth, seyni, simon135, zuhaibmohd
39.9648 USDC - $39.96
#1 cache the array length
Cache the array length to reduce the gas fee, because mload is cheaper than sload.
function readUint16(bytes memory self, uint idx) internal pure returns (uint16 ret) {
    uint256 length = self.length; // add code (+)
    require(idx + 2 <= length);
    assembly {
        ret := and(mload(add(add(self, 2), idx)), 0xFFFF)
    }
}
Apply to others.
#2 default uint
The default value of uint is 0, so remove unnecessary explicit initializations to default values, e.g. change uint i = 0; to uint i;.
#3 looping
The default uint value is 0, so removing the unnecessary explicit initialization can reduce gas. Caching the array length can reduce gas, because accessing a local variable is cheaper than querying storage / calldata / memory in Solidity. Pre-increment (e.g. ++i) costs less gas than post-increment (e.g. i++). I suggest using pre-increment.
#4 pre increment
Pre-increment (e.g. ++i) costs less gas than post-increment (e.g. i++). I suggest using pre-increment.
for(uint256 idx = off; idx < off + len; ++idx) {
Apply to others.
#5 make it private or internal
Changing visibility from public to private or internal can save gas, so I recommend changing it.
#6 use storage instead of memory
Use storage instead of memory to reduce the gas fee. I suggest changing from e.g.
uint256[] memory batchBalances = new uint256[](accounts.length);
to
uint256[] storage batchBalances = new uint256[](accounts.length);
Apply to others.
#7 use calldata instead of memory
In external functions where the function argument is read-only: if a function has an input parameter that uses memory and does not change that parameter, it is cheaper to use calldata than memory, so we suggest changing it, e.g.
function validateSignedSet(RRSetWithSignature memory input, bytes memory proof, uint256 now) internal view returns(RRUtils.SignedSet memory rrset) {
to
function validateSignedSet(RRSetWithSignature calldata input, bytes calldata proof, uint256 now) internal view returns(RRUtils.SignedSet calldata rrset) {
Apply to others.
#8 reduce string
Reducing the string size of error messages to bytes32 can reduce the gas fee. Reduce these if possible.
#9 use error instead of string error message
Using custom errors can reduce the gas fee. They are available in Solidity 0.8.4 and above.
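
Items #2, #4 and #9 applied together to the readUint16 helper quoted under #1, as an added example that is not code from the audited contracts or from this report. The library name BytesReadExample, the error OffsetOutOfBounds and the function sumUint16 are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4; // custom errors require 0.8.4 or later

// Added example: all names except readUint16 are hypothetical.
library BytesReadExample {
    // #9: a custom error is ABI-encoded as a 4-byte selector plus its
    // arguments, so no revert string is stored in the bytecode.
    error OffsetOutOfBounds(uint256 offset, uint256 length);

    function readUint16(bytes memory self, uint256 idx)
        internal
        pure
        returns (uint16 ret)
    {
        // Read the length once and reuse it for the check and the error.
        uint256 length = self.length;
        // Same bounds check as require(idx + 2 <= length); without it the
        // mload below could read memory past the end of the array.
        if (idx + 2 > length) revert OffsetOutOfBounds(idx, length);
        assembly {
            // Load the 32-byte word whose last two bytes are
            // self[idx] and self[idx + 1], then mask to 16 bits.
            ret := and(mload(add(add(self, 2), idx)), 0xFFFF)
        }
    }

    // Sums `count` consecutive big-endian uint16 values starting at `off`.
    function sumUint16(bytes memory self, uint256 off, uint256 count)
        internal
        pure
        returns (uint256 total)
    {
        // #2: `i` and `total` rely on the default value 0.
        // #4: pre-increment in the loop header.
        for (uint256 i; i < count; ++i) {
            // Checked arithmetic (Solidity >= 0.8) reverts on overflow;
            // readUint16 reverts with OffsetOutOfBounds on a short buffer.
            total += readUint16(self, off + 2 * i);
        }
    }
}
```

A caller or test can match the revert by selector, `BytesReadExample.OffsetOutOfBounds.selector`, instead of comparing revert strings.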