Platform: Code4rena
Start Date: 29/06/2022
Pot Size: $50,000 USDC
Total HM: 20
Participants: 133
Period: 5 days
Judge: hickuphh3
Total Solo HM: 1
Id: 142
League: ETH
Rank: 120/133
Findings: 1
Award: $21.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GalloDaSballo
Also found by: 0v3rf10w, 0x1f8b, 0xA5DF, 0xDjango, 0xHarry, 0xKitsune, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, 0xsanson, ACai, Aymen0909, Bnke0x0, BowTiedWardens, Chom, ElKu, Fitraldys, Funen, Haruxe, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Picodes, PwnedNoMore, Randyyy, RedOneN, ReyAdmirado, Ruhum, Sm4rty, StErMi, StyxRave, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, Yiko, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, c3phas, cRat1st0s, catchup, codetilda, cryptphi, datapunk, defsec, delfin454000, durianSausage, exd0tpy, fatherOfBlocks, gogo, grrwahrr, hake, hansfriese, horsefacts, ignacio, jayfromthe13th, joestakey, ladboy233, m_Rassska, mektigboy, minhquanym, mrpathfindr, natzuu, oyc_109, rajatbeladiya, reassor, rfa, robee, rokinot, sach1r0, saian, sashik_eth, simon135, slywaters, swit, z3s, zeesaw, zer0dot
21.1707 USDC - $21.17
++var (--var) costs less gas than var++ (var--): post-increment/decrement costs more gas than pre-increment/decrement.
PuttyV2.sol line 556 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L556 for (uint256 i = 0; i < orders.length; i++) {
PuttyV2.sol line 594 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L594 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 611 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L611 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 627 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L627 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 637 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L637 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 647 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L647 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 658 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L658 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 670 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L670 for (uint256 i = 0; i < whitelist.length; i++) {
PuttyV2.sol line 728 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L728 for (uint256 i = 0; i < arr.length; i++) {
PuttyV2.sol line 742 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L742 for (uint256 i = 0; i < arr.length; i++) {
Array length should not be looked up on every iteration of a for-loop. Storage array length checks incur an extra Gwarmaccess (100 gas) per iteration. Storing the array length in a variable and using it in the loop condition saves gas.
PuttyV2.sol line 556 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L556 for (uint256 i = 0; i < orders.length; i++) {
PuttyV2.sol line 594 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L594 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 611 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L611 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 627 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L627 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 637 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L637 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 647 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L647 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 658 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L658 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 670 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L670 for (uint256 i = 0; i < whitelist.length; i++) {
PuttyV2.sol line 728 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L728 for (uint256 i = 0; i < arr.length; i++) {
PuttyV2.sol line 742 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L742 for (uint256 i = 0; i < arr.length; i++) {
!= 0 is cheaper than > 0. Replace all > 0 with != 0.
PuttyV2.sol line 293 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L293 require(order.baseAsset.code.length > 0, "baseAsset is not contract");
PuttyV2.sol line 327 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L327 if (weth == order.baseAsset && msg.value > 0) {
PuttyV2.sol line 351 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L351 if (weth == order.baseAsset && msg.value > 0) {
PuttyV2.sol line 427 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L427 if (weth == order.baseAsset && msg.value > 0) {
PuttyV2.sol line 498 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L498 if (fee > 0) {
PuttyV2.sol line 598 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L598 require(token.code.length > 0, "ERC20: Token is not contract");
PuttyV2.sol line 599 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L599 require(tokenAmount > 0, "ERC20: Amount too small");
Default value initialization. If a variable is not set/initialized, it is assumed to have the default value (0, false, ...). Explicitly initializing it with its default value is an anti-pattern and wastes gas. Change the following loops to not initialize the i variable.
PuttyV2.sol line 556 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L556 for (uint256 i = 0; i < orders.length; i++) {
PuttyV2.sol line 594 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L594 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 611 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L611 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 627 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L627 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 637 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L637 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 647 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L647 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 658 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L658 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 670 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L670 for (uint256 i = 0; i < whitelist.length; i++) {
PuttyV2.sol line 728 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L728 for (uint256 i = 0; i < arr.length; i++) {
PuttyV2.sol line 742 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L742 for (uint256 i = 0; i < arr.length; i++) {
Unchecked arithmetic. The default "checked" behavior costs more gas when adding/dividing/etc., because under the hood those checks are implemented as a series of opcodes that, prior to performing the actual arithmetic, check for under/overflow and revert if it is detected. Change the i++ in all the loops to an unchecked block with ++i.
PuttyV2.sol line 556 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L556 for (uint256 i = 0; i < orders.length; i++) {
PuttyV2.sol line 594 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L594 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 611 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L611 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 627 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L627 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 637 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L637 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 647 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L647 for (uint256 i = 0; i < assets.length; i++) {
PuttyV2.sol line 658 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L658 for (uint256 i = 0; i < floorTokens.length; i++) {
PuttyV2.sol line 670 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L670 for (uint256 i = 0; i < whitelist.length; i++) {
PuttyV2.sol line 728 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L728 for (uint256 i = 0; i < arr.length; i++) {
PuttyV2.sol line 742 https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L742 for (uint256 i = 0; i < arr.length; i++) {
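The loop findings above (pre-increment, cached length, != 0, no default initialization, unchecked increment) applied together to one loop of the flagged shape, as an added example that is not code from PuttyV2.sol. The contract, function and variable names are hypothetical, and the measure helper is an assumption added so the saving can be checked on a given compiler version and optimizer setting rather than taken on trust.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration; all names here are hypothetical and not from PuttyV2.sol.
contract LoopGasExample {
    // Baseline: the loop shape flagged in the report.
    function countNonZeroBaseline(uint256[] memory arr) public pure returns (uint256 n) {
        for (uint256 i = 0; i < arr.length; i++) {
            if (arr[i] > 0) {
                n++;
            }
        }
    }

    // Same logic with the report's loop suggestions applied.
    function countNonZeroOptimized(uint256[] memory arr) public pure returns (uint256 n) {
        uint256 len = arr.length; // length read once, not on every iteration
        for (uint256 i; i < len; ) { // i already defaults to 0
            if (arr[i] != 0) {
                ++n; // left checked: only the loop counter is relaxed
            }
            // Safe to skip the overflow check: the condition guarantees
            // i < len <= type(uint256).max, so ++i cannot wrap.
            unchecked {
                ++i;
            }
        }
    }

    // Runs both variants on the same input and reports the gas each used,
    // plus whether they returned the same count.
    function measure(uint256[] memory arr)
        external
        view
        returns (uint256 gasBaseline, uint256 gasOptimized, bool sameResult)
    {
        uint256 g = gasleft();
        uint256 a = countNonZeroBaseline(arr);
        gasBaseline = g - gasleft();

        g = gasleft();
        uint256 b = countNonZeroOptimized(arr);
        gasOptimized = g - gasleft();

        sameResult = (a == b);
    }
}
```

The unchecked block is only sound because the loop condition bounds i; moving any other arithmetic into it would remove an overflow check that the compiler otherwise provides.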
Expressions for constant values such as a call to KECCAK256 should use IMMUTABLE rather than constant. Change it in the following lines.
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L89
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L95
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L101