Back to asutorufos's contests

Putty contest - asutorufos's results

An order-book based american options market for NFTs and ERC20s.

General Information

Platform: Code4rena

Start Date: 29/06/2022

Pot Size: $50,000 USDC

Total HM: 20

Participants: 133

Period: 5 days

Judge: hickuphh3

Total Solo HM: 1

Id: 142

League: ETH

Putty

Findings Distribution

Researcher Performance

Rank: 116/133

Findings: 1

Award: $21.17

🌟 Selected for report: 0

πŸš€ Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPutty

Findings Information

🌟 Selected for report: GalloDaSballo

Also found by: 0v3rf10w, 0x1f8b, 0xA5DF, 0xDjango, 0xHarry, 0xKitsune, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, 0xsanson, ACai, Aymen0909, Bnke0x0, BowTiedWardens, Chom, ElKu, Fitraldys, Funen, Haruxe, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Picodes, PwnedNoMore, Randyyy, RedOneN, ReyAdmirado, Ruhum, Sm4rty, StErMi, StyxRave, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, Yiko, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, c3phas, cRat1st0s, catchup, codetilda, cryptphi, datapunk, defsec, delfin454000, durianSausage, exd0tpy, fatherOfBlocks, gogo, grrwahrr, hake, hansfriese, horsefacts, ignacio, jayfromthe13th, joestakey, ladboy233, m_Rassska, mektigboy, minhquanym, mrpathfindr, natzuu, oyc_109, rajatbeladiya, reassor, rfa, robee, rokinot, sach1r0, saian, sashik_eth, simon135, slywaters, swit, z3s, zeesaw, zer0dot

Awards

21.1705 USDC - $21.17

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

G001 - Don't Initialize Variables with Default Value Uninitialized variables are assigned with the types default value.

Explicitly initializing a variable with it's default value costs unnecesary gas. Puttyv2.sol L#556

[Puttyv2.sol L#594]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-address%20token%20%3D

[Puttyv2.sol L#611]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=from)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC721(assets%5Bi%5D.token

[Puttyv2.sol L#627]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20floorTokens.length%3B%20i%2B%2B)%20%7B,-ERC721(floorTokens%5Bi%5D).safeTransferFrom(from

[Puttyv2.sol L#637]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC20(assets%5Bi

[Puttyv2.sol L#647]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=assets)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC721(assets%5Bi%5D.token

[Puttyv2.sol L#658]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=floorTokenIds)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20floorTokens.length%3B%20i%2B%2B)%20%7B,-ERC721(floorTokens%5Bi%5D).

[Puttyv2.sol L#670]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20whitelist.length%3B%20i%2B%2B)%20%7B

[Puttyv2.sol L#728]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=function%20encodeERC20Assets(,i%2B%2B)%20%7B

[Puttyv2.sol L#741]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=function%20encodeERC721Assets(,i%2B%2B)%20%7B

G002 - Cache Array Length Outside of Loop Caching the array length outside a loop saves reading it on each iteration, as long as the array's length is not changed during the loop. Puttyv2.sol L#556

[Puttyv2.sol L#594]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-address%20token%20%3D

[Puttyv2.sol L#611]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=from)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC721(assets%5Bi%5D.token

[Puttyv2.sol L#627]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20floorTokens.length%3B%20i%2B%2B)%20%7B,-ERC721(floorTokens%5Bi%5D).safeTransferFrom(from

[Puttyv2.sol L#637]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC20(assets%5Bi

[Puttyv2.sol L#647]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=assets)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20assets.length%3B%20i%2B%2B)%20%7B,-ERC721(assets%5Bi%5D.token

[Puttyv2.sol L#658]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=floorTokenIds)%20internal%20%7B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20floorTokens.length%3B%20i%2B%2B)%20%7B,-ERC721(floorTokens%5Bi%5D).

Puttyv2.sol L#670

[Puttyv2.sol L#728]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=function%20encodeERC20Assets(,i%2B%2B)%20%7B

[Puttyv2.sol L#742]https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#:~:text=function%20encodeERC721Assets(,i%2B%2B)%20%7B

G03 - Unnecessary checked arithmetic in for loop Using Solidity's unchecked block saves the overflow checks.

The for loops in G-02 can use unchecked.

G-04 ++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS (--I/I-- TOO) The for loops link in G-02 can use ++i

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax Β© 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter