Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 28/96
Findings: 2
Award: $143.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robee
Also found by: 0x007, 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xSmartContract, 8olidity, Awesome, B2, Bnke0x0, Chom, Diana, Dravee, JTJabba, Jeiwan, Josiah, Lambda, Mathieu, Picodes, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Ruhum, Sm4rty, Tricko, Trust, Waze, __141345__, a12jmx, adriro, ajtra, brgltd, c3phas, carlitox477, cccz, ch0bu, chaduke, chrisdior4, corerouter, cryptonue, csanuragjain, ctf_sec, cylzxje, delfin454000, dic0de, djxploit, horsefacts, imare, jayphbee, jwood, ktg, ladboy233, leosathya, lukris02, minhtrng, neko_nyaa, oyc_109, pashov, peritoflores, rbserver, rvierdiiev, shark, tnevler, yixxas
19.6449 USDC - $19.64
Add check for address(0x0)
Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (threefields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.
The project is using the solidity version 0.8.10. It's a best practice to use the latest release version. You can consult it in the following link
Update the solidity version to 0.8.17
WardenPledge.sol#L206 WardenPledge.sol#L307 WardenPledge.sol#L373 WardenPledge.sol#L419 WardenPledge.sol#L456 WardenPledge.sol#L488
#0 - c4-judge
2022-11-12T01:13:18Z
kirk-baird marked the issue as grade-b
🌟 Selected for report: c3phas
Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler
123.8403 USDC - $123.84
When retrieving data from a memory location, assigning the data to a memory variable causes all fields of the struct/array to be read from memory, resulting in a Gcoldsload (2100 gas) for each field of the struct/array. When reading fields from new memory variables, they cause an extra MLOAD instead of a cheap stack read. Rather than declaring a variable with the memory keyword, it is much cheaper to declare a variable with the storage keyword and cache all fields that need to be read again in a stack variable, because the fields actually read will only result in a Gcoldsload. The only case where the entire struct/array is read into a memory variable is when the entire struct/array is returned by a function, passed to a function that needs memory, or when the array/struct is read from another store array/struc
In the following example (optimizer = 10000) it's possible to demostrate that I = I + X cost less gas than I += X in state variable.
contract Test_Optimization { uint256 a = 1; function Add () external returns (uint256) { a = a + 1; return a; } } contract Test_Without_Optimization { uint256 a = 1; function Add () external returns (uint256) { a += 1; return a; } }
With this optimization it's possible to save 116 gas
WardenPledge.sol#L268 WardenPledge.sol#L340 WardenPledge.sol#L401 WardenPledge.sol#L445
If emit the event before assign de value to the local variable we can save to use the local variable and remove it.
function updateChest(address chest) external onlyOwner { if(chest == address(0)) revert Errors.ZeroAddress(); - address oldChest = chestAddress; + emit ChestUpdated(chestAddress, chest); chestAddress = chest; - emit ChestUpdated(oldChest, chest); }
function updateMinTargetVotes(uint256 newMinTargetVotes) external onlyOwner { if(newMinTargetVotes == 0) revert Errors.InvalidValue(); - uint256 oldMinTarget = minTargetVotes; + emit MinTargetUpdated(minTargetVotes, newMinTargetVotes); minTargetVotes = newMinTargetVotes; - emit MinTargetUpdated(oldMinTarget, newMinTargetVotes); }
function updatePlatformFee(uint256 newFee) external onlyOwner { if(newFee > 500) revert Errors.InvalidValue(); - uint256 oldfee = protocalFeeRatio; + emit PlatformFeeUpdated(protocalFeeRatio, newFee); protocalFeeRatio = newFee; - emit PlatformFeeUpdated(oldfee, newFee); }
When use >= the evm use only LT and when use > the evm use GT and ISZERO what allow to save 3 gas for each instance.
WardenPledge.sol#L207 WardenPledge.sol#L234 WardenPledge.sol#L245 WardenPledge.sol#L267 WardenPledge.sol#L329 WardenPledge.sol#L330 WardenPledge.sol#L389 WardenPledge.sol#L390 WardenPledge.sol#L434 WardenPledge.sol#L435 WardenPledge.sol#L463 WardenPledge.sol#L666
Avoids a Gsset (20000 gas) in the constructor, and replaces the first access in each transaction (Gcoldsload - 2100 gas) and each access thereafter (Gwarmacces - 100 gas) with a PUSH32 (3 gas).
#0 - c4-judge
2022-11-12T01:11:44Z
kirk-baird marked the issue as grade-b
#1 - c4-judge
2022-11-12T01:12:03Z
kirk-baird marked the issue as grade-a