Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $50,000 USDC
Total HM: 15
Participants: 120
Period: 5 days
Judge: Justin Goro
Total Solo HM: 6
Id: 153
League: ETH
Rank: 41/120
Findings: 2
Award: $68.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0x1f8b
Also found by: 0x52, 0xA5DF, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xmatt, 0xsolstars, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, EthLedger, Funen, IllIllI, JC, Junnon, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, SaharAP, Sm4rty, SooYa, The_GUILD, TomJ, Waze, Yiko, _Adam, __141345__, a12jmx, ak1, asutorufos, auditor0517, ayeslick, ballx, beelzebufo, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, cccz, cryptonue, cryptphi, d3e4, delfin454000, dipp, djxploit, durianSausage, dy, erictee, fatherOfBlocks, gogo, gzeon, hyh, ignacio, kyteg, ladboy233, medikko, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, simon135, sryysryy, tabish, yac, yash90, zzzitron
46.6022 USDC - $46.60
#1 Missing NatSpec comment on toShares
toShares() is missing a NatSpec comment. Add a NatSpec comment to toShares() to tell the user about the function and its params.
#2 Missing NatSpec comment on toAmount
toAmount() is missing a NatSpec comment. Add a NatSpec comment to toAmount() to tell the user about the function and its params.
#3 Missing indexed field
Each event should use three indexed fields if there are three or more fields. Add indexed to _swapperAddress.
#4 Typo
A typo can decrease readability, so to increase it fix the typo from approcal to approval.
#5 Missing immutable
The state variables CIRCUIT_BREAKER_ADDRESS, COMPTROLLER_ADDRESS and TIME_LOCK_ADDRESS can't be initialized by the constructor. The constructor parameters mention the state variables CIRCUIT_BREAKER_ADDRESS, COMPTROLLER_ADDRESS and TIME_LOCK_ADDRESS to initialize. So I suggest adding immutable to CIRCUIT_BREAKER_ADDRESS, COMPTROLLER_ADDRESS and TIME_LOCK_ADDRESS.
#6 Make into a struct
Mappings of type mapping(address => bool) that sit in the same location can be compacted into a Whitelist struct.
#7 Unbounded loop over an array can lead to DoS
As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all.
#8 Missing check for immutable address
The constructor has four address params, so to avoid vulnerability we suggest adding a simple address(0) check for the params.
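The failure mode in finding #7, next to a bounded alternative, as an added example that is not part of the warden's report or the audited code base. The contract, array and function names and the compiler version are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // compiler version is an assumption

/// Added illustration: contract, array and function names are hypothetical.
contract BatchedRegistry {
    address[] public entries;      // only ever grows
    mapping(address => uint256) public weight;
    uint256 public cursor;         // next index of the pass in progress
    uint256 public runningTotal;   // partial sum of the pass in progress
    uint256 public lastTotal;      // result of the last completed pass

    function add(address entry, uint256 w) external {
        // Block additions mid-pass so a pass sums a consistent snapshot.
        require(cursor == 0, "pass in progress");
        entries.push(entry);
        weight[entry] = w;
    }

    /// Pattern the finding warns about: gas grows linearly with
    /// entries.length, so once the array is large enough a transaction
    /// that calls this can no longer fit in a block.
    function totalUnbounded() external view returns (uint256 sum) {
        uint256 len = entries.length;
        for (uint256 i; i < len; ++i) {
            sum += weight[entries[i]];
        }
    }

    /// Bounded alternative: each call handles at most maxItems entries
    /// and stores its position, so any array size is covered in several calls.
    function totalBatched(uint256 maxItems) external returns (bool done) {
        require(maxItems != 0, "maxItems is zero");
        uint256 len = entries.length;
        uint256 start = cursor;
        uint256 remaining = len - start; // cursor never exceeds len
        uint256 end = start + (maxItems < remaining ? maxItems : remaining);
        uint256 sum = runningTotal;
        for (uint256 i = start; i < end; ++i) {
            sum += weight[entries[i]];
        }
        if (end == len) {              // pass complete: publish and reset
            lastTotal = sum;
            runningTotal = 0;
            cursor = 0;
            return true;
        }
        runningTotal = sum;            // pass continues on the next call
        cursor = end;
        return false;
    }
}
```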
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xNazgul, 0xSmartContract, 0xackermann, 0xbepresent, 0xc0ffEE, 0xkatana, 2997ms, Amithuddar, Aymen0909, Bnke0x0, Chinmay, Chom, CodingNameKiki, Deivitto, Diraco, Dravee, ElKu, EthLedger, Fitraldys, Funen, IgnacioB, JC, Junnon, Lambda, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, Randyyy, ReyAdmirado, Rohan16, Rolezn, Ruhum, SaharAP, Sm4rty, SooYa, TomJ, Tomio, Waze, Yiko, _Adam, __141345__, a12jmx, ajtra, ak1, asutorufos, ballx, brgltd, c3phas, cRat1st0s, carlitox477, chrisdior4, d3e4, delfin454000, dharma09, djxploit, durianSausage, erictee, fatherOfBlocks, find_a_bug, flyx, francoHacker, gerdusx, gogo, gzeon, hakerbaya, ignacio, jag, kyteg, ladboy233, ltyu, m_Rassska, medikko, mics, mrpathfindr, newfork01, nxrblsrpr, oyc_109, pfapostol, rbserver, reassor, ret2basic, robee, sach1r0, saian, simon135, sryysryy, zeesaw
21.7277 USDC - $21.73
#1 data.length should be cached
Cache data.length in a local variable, because it is used multiple times, to save gas, because mload is cheaper than sload.
#2 Default uint
The default value of uint is 0, so removing the unnecessary explicit value can reduce gas.
#3 Increment
Pre-increment, e.g. ++i, is cheaper in gas than post-increment, e.g. i++. I suggest using pre-increment.
#4 Use ++ instead of i + 1
Using ++i instead of i = i + 1 for increment can save about 9 gas. Example: from shares = shares + 1 to ++shares.
#5 Use require instead of &&
Using separate require statements instead of && can save gas because the logic is simpler when the code is executed, so I suggest changing from
require(_minInterest < MAX_INT && _minInterest <= _vertexInterest && _minInterest >= MIN_INT, "LinearInterestRate: _minInterest < MAX_INT && _minInterest <= _vertexInterest && _minInterest >= MIN_INT");
to
require(_minInterest < MAX_INT, "LinearInterestRate: _minInterest < MAX_INT");
require(_minInterest <= _vertexInterest, "LinearInterestRate: _minInterest <= _vertexInterest");
require(_minInterest >= MIN_INT, "LinearInterestRate: _minInterest >= MIN_INT");
Apply the same to the others.
#6 Loop
The default uint is 0, so removing the unnecessary explicit value can reduce gas. Caching the array length can reduce gas because access to a local variable is cheaper than querying storage / calldata / memory in Solidity. Pre-increment, e.g. ++i, is cheaper in gas than post-increment, e.g. i++. I suggest using pre-increment.
#7 bytes(_name).length should be cached: name
Cache bytes(_name).length in a local variable to save gas, because mload is cheaper than sload.
#8 bytes(nameOfContract).length should be cached: name of contract
Cache bytes(nameOfContract).length in a local variable to save gas, because mload is cheaper than sload.
#9 Use storage instead of memory
Use storage instead of memory to reduce the gas fee. I suggest changing this.
#10 SSTORE2.read should be cached
Cache SSTORE2.read in a local variable, because it is used multiple times, to save gas, because mload is cheaper than sload.
#11 Use calldata instead of memory
When arguments are read-only on external functions: the function has an input parameter that uses memory, and if the function doesn't change the parameter, it's cheaper to use calldata than memory. So we suggest changing it.
#12 Reduce the string
Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition is met. Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
#13 Use custom revert string
Custom errors from Solidity 0.8.0 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met)
#14 Use != 0 instead of > 0
!= 0 costs less gas compared to > 0 for unsigned integers in require statements with the optimizer enabled (6 gas)