Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $75,000 USDC
Total HM: 16
Participants: 100
Period: 7 days
Judge: LSDan
Total Solo HM: 7
Id: 145
League: ETH
Rank: 45/100
Findings: 3
Award: $124.29
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: rajatbeladiya
Also found by: 0x29A, 0xNineDec, Amithuddar, Aussie_Battlers, Ch_301, Dravee, GimelSec, IllIllI, Jujic, Limbooo, RedOneN, Ruhum, TomJ, _Adam, __141345__, alan724, asutorufos, berndartmueller, c3phas, cccz, cryptphi, durianSausage, fatherOfBlocks, hake, hyh, pashov, scaraven, zzzitron
5.45 USDC - $5.45
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#:~:text=%2B%20price.premium))%20%7B-,payable(msg.sender).transfer(,-msg.value#L183 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#:~:text=payable(msg.sender).transfer(msg.value%20%2D%20price.base)%3B#L204 https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#:~:text=registrar.transferFrom(registrant%2C%20address(this)%2C%20tokenId)%3B#L231
The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
The claimer smart contract does not implement a payable function. The claimer smart contract does implement a payable fallback which uses more than 2300 gas unit. The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through proxy, raising the callโs gas usage above 2300. Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.## Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. ETHRegistrarController.sol L#211
ETHRegistrarController.sol L#183
ETHRegistrarController.sol L#204
Manual review
Used call instead.
(bool success, ) = msg.sender.call{amount}(""); require(success, "Transfer failed.");
#0 - jefflau
2022-07-22T09:48:21Z
Duplicate of #133
๐ Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 8olidity, Aussie_Battlers, Bnke0x0, Ch_301, Critical, Deivitto, Dravee, ElKu, Funen, GimelSec, JC, JohnSmith, Lambda, MiloTruck, PwnedNoMore, ReyAdmirado, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, TomJ, Waze, _Adam, __141345__, alan724, asutorufos, benbaessler, berndartmueller, bin2chen, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, cryptphi, csanuragjain, delfin454000, dxdv, exd0tpy, fatherOfBlocks, gogo, hake, hyh, joestakey, kyteg, lcfr_eth, minhtrng, p_crypt0, pashov, pedr02b2, philogy, rajatbeladiya, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, seyni, simon135, svskaushik, zuhaibmohd, zzzitron
78.881 USDC - $78.88
L-1 USE OF FLOATING PRAGMA While floating pragmas make sense for libraries to allow them to be included with multiple different versions of applications, it may be a security risk for application implementations.
A known vulnerable compiler version may accidentally be selected or security tools might fall-back to an older compiler version ending up checking a different EVM compilation that is ultimately deployed on the blockchain. ERC1155Fuse.sol L#2 NameWrapper.sol L#2 Controllable.sol L#2
L-2 EVENTS NOT EMITTED FOR IMPORTANT STATE CHANGES When changing state variables events are not emitted. Emitting events allows monitoring activities with off-chain monitoring tools.
N-1 Unused named returns Using both named returns and a return statement isnโt necessary. Removing one of those can improve code clarity: [NameWrapper.sol L#825]https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#:~:text=function%20_getDataAndNormaliseExpiry(,%7D
๐ Selected for report: 0xKitsune
Also found by: 0x040, 0x1f8b, 0x29A, 0xNazgul, 0xNineDec, 0xsam, 8olidity, Aussie_Battlers, Aymen0909, Bnke0x0, CRYP70, Ch_301, Chom, Deivitto, Dravee, ElKu, Fitraldys, Funen, GimelSec, IllIllI, JC, JohnSmith, Lambda, MiloTruck, Noah3o6, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, _Adam, __141345__, ajtra, ak1, arcoun, asutorufos, benbaessler, brgltd, bulej93, c3phas, cRat1st0s, cryptonue, delfin454000, durianSausage, fatherOfBlocks, gogo, hake, hyh, joestakey, karanctf, kyteg, lcfr_eth, lucacez, m_Rassska, rajatbeladiya, rbserver, robee, rokinot, sach1r0, sahar, samruna, sashik_eth, seyni, simon135, zuhaibmohd
39.9648 USDC - $39.96
G-1 <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP The overheads outlined below are PER LOOP, excluding the first loop
storage arrays incur a sload(100 gas)
memory arrays use MLOAD (3 gas)
calldata arrays use CALLDATALOAD (3 gas)
Caching the length changes each of these to a DUP<N> (3 gas), and gets rid of the extra DUP<N> needed to store the stack offset
2 instances for this issue:
ERC1155Fuse.sol L#92
ERC1155Fuse.sol L#205
G-2 REQUIRE()/REVERT() STRINGS LONGER THAN 32 BYTES COST EXTRA GAS Each extra chunk of byetes past the original 32 iincurs an MSTORE which costs 3 gas
G-3 USING PRIVATE RATHER THAN PUBLIC FOR CONSTANTS, SAVE GAS
If needed, the value can be read from the verified contract source code. Savings are due to the compiler not having to create non-payable getter functions for deployment calldata, and not adding another entry to the method ID table
There is 1 instance of this issue:
ETHRegistrarController.sol L#21
G-4 ABI.ENCODE() IS LESS EFFICIENT THAN ABI.ENCODEPACKED()
There is one issue of this:
ETHRegistrarController.sol L#106
G-5 USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE GAS Custom errors are available from solidity version 0.8.4. Custom errors save ~50 gas each time theyโre hitby avoiding having to allocate and store the revert string. Not defining the strings also save deployment gas. https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#:~:text=%3E%200)%20%7B-,require(,)%3B,-%7D