Back to arcoun's contests

ENS contest - arcoun's results

Decentralised naming for wallets, websites, & more.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $75,000 USDC

Total HM: 16

Participants: 100

Period: 7 days

Judge: LSDan

Total Solo HM: 7

Id: 145

League: ETH

ENS

Findings Distribution

Researcher Performance

Rank: 97/100

Findings: 1

Award: $39.86

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryENS

Findings Information

🌟 Selected for report: 0xKitsune

Also found by: 0x040, 0x1f8b, 0x29A, 0xNazgul, 0xNineDec, 0xsam, 8olidity, Aussie_Battlers, Aymen0909, Bnke0x0, CRYP70, Ch_301, Chom, Deivitto, Dravee, ElKu, Fitraldys, Funen, GimelSec, IllIllI, JC, JohnSmith, Lambda, MiloTruck, Noah3o6, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, _Adam, __141345__, ajtra, ak1, arcoun, asutorufos, benbaessler, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, delfin454000, durianSausage, fatherOfBlocks, gogo, hake, hyh, joestakey, karanctf, kyteg, lcfr_eth, lucacez, m_Rassska, rajatbeladiya, rbserver, robee, rokinot, sach1r0, sahar, samruna, sashik_eth, seyni, simon135, zuhaibmohd

Awards

39.8564 USDC - $39.86

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

Gas Optimizations in computeKeytag

Description

In the RRUtils library, the computeKeytag() function adds an extra loop which is not necessary. This can be easily modified to save gas.

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/RRUtils.sol#L310

The loop condition is currently 'i < data.length + 31'. The '+ 31' was probably added to handle partial data at the end of the key but this is not correct and will add an extra loop most of the time (except for data.length % 32 == 1 which is very unusual).

The loop condition can be safely changed to 'i < data.length' to save gas on the extra loop and the addition in the test.

In the same function, data.length is frequently accessed while being constant. It is recommended to get it only once at the begining of the function to save gas on length calculation.

diff --git a/contracts/dnssec-oracle/RRUtils.sol b/contracts/dnssec-oracle/RRUtils.sol
index edbca2d..571b78d 100644
--- a/contracts/dnssec-oracle/RRUtils.sol
+++ b/contracts/dnssec-oracle/RRUtils.sol
@@ -304,16 +304,17 @@ library RRUtils {
          * and the remaining sums can be done just on ac1.
          */
         unchecked {
-            require(data.length <= 8192, "Long keys not permitted");
+            uint dlen = data.length;
+            require(dlen <= 8192, "Long keys not permitted");
             uint ac1;
             uint ac2;
-            for(uint i = 0; i < data.length + 31; i += 32) {
+            for(uint i; i < dlen; i += 32) {
                 uint word;
                 assembly {
                     word := mload(add(add(data, 32), i))
                 }
-                if(i + 32 > data.length) {
-                    uint unused = 256 - (data.length - i) * 8;
+                if(i + 32 > dlen) {
+                    uint unused = 256 - (dlen - i) * 8;
                     word = (word >> unused) << unused;
                 }
                 ac1 += (word & 0xFF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00) >> 8;

For a 4096b key, this will save 426 gas per call.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter