Fractional v2 contest - brgltd's results

A collective ownership platform for NFTs on Ethereum.

General Information

Platform: Code4rena

Start Date: 07/07/2022

Pot Size: $75,000 USDC

Total HM: 32

Participants: 141

Period: 7 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 144

League: ETH

Researcher Performance

Rank: 125/141

Findings: 1

Award: $37.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

[G-01] ++I COSTS LESS GAS THAN I++, ESPECIALLY FOR LOOPS

Saves about 5 gas per loop.

There are 2 instances of this issue:

File: src/Vault.sol
78: for (uint256 i = 0; i < length; i++) {
104: for (uint256 i = 0; i < length; i++) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol

[G-02] ++I/I++ INCREMENTS CAN BE UNCHECKED FOR LOOPS

The Solidity compiler applies arithmetic checks to the increment step of a loop. These checks can be disabled, since the value of "i" cannot surpass the upper bound that is checked in the loop condition.

Wrapping the increment in an unchecked block can save 30-40 gas per loop.

There are 2 instances of this issue.

File: src/Vault.sol
78: for (uint256 i = 0; i < length; i++) {
104: for (uint256 i = 0; i < length; i++) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol

[G-03] ARRAY.LENGTH SHOULD NOT BE COMPUTED ON EVERY ITERATION DURING A LOOP

Instead of computing array.length for every iteration, the value for array.length should be cached before the loop to save gas.

There are 8 instances of this issue:

File: src/modules/Buyout.sol
454: for (uint256 i; i < permissions.length; ) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/Buyout.sol

File: src/modules/protoforms/BaseVault.sol
64: for (uint256 i = 0; i < _tokens.length; ) {
83: for (uint256 i = 0; i < _tokens.length; ) {
107: for (uint256 i = 0; i < _tokens.length; ++i) {
130: for (uint256 i; i < _modules.length; ++i) {
132: for (uint256 j; j < leaves.length; ++j) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/protoforms/BaseVault.sol

File: src/utils/MerkleBase.sol
51: for (uint256 i = 0; i < _proof.length; ++i) {
110: for (uint256 i; i < result.length; ++i) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/MerkleBase.sol
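The loop findings G-01 to G-03 combined in one place, as an added example that is not code from the Fractional repository. The contract name, the `values` array and both function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical contract for illustration; not code from the audited repository.
contract LoopGasExample {
    uint256[] private values; // constructed sample storage array

    constructor() {
        for (uint256 i; i < 5; ++i) values.push(i + 1);
    }

    // Baseline: reads values.length from storage on every iteration,
    // post-increments, and pays for the checked-arithmetic overflow test on i.
    function sumBaseline() external view returns (uint256 total) {
        for (uint256 i = 0; i < values.length; i++) {
            total += values[i];
        }
    }

    // Optimized: length cached once, i left at its default of zero,
    // pre-increment performed inside an unchecked block.
    function sumOptimized() external view returns (uint256 total) {
        uint256 length = values.length;
        for (uint256 i; i < length; ) {
            // The accumulation stays checked: only the counter is exempted.
            total += values[i];
            // Safe only because i < length was just tested, so ++i can never
            // exceed length and therefore cannot wrap around uint256.
            unchecked {
                ++i;
            }
        }
    }
}
```

Only the counter increment is moved into `unchecked`; any arithmetic on caller-influenced values inside the loop body should keep its overflow checks.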

[G-04] USE THE MOST RECENT VERSION OF SOLIDITY

The latest version of Solidity is 0.8.15 and all the audited contracts are using 0.8.13.

Using the latest version can ensure improvements on bytecode size, compiler warnings, deployment gas and runtime gas.

[G-05] USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() TO SAVE GAS

There are 6 instances of this issue.

File: src/FERC1155.sol
263: require(
265: require(
297: require(metadata[_id] != address(0), "NO METADATA");

https://github.com/code-423n4/2022-07-fractional/blob/main/src/FERC1155.sol

File: src/utils/MerkleBase.sol
62: require(_data.length > 1, "wont generate root for single leaf");
78: require(_data.length > 1, "wont generate proof for single leaf");

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/MerkleBase.sol

File: src/utils/Multicall.sol
23: if (result.length == 0) revert();

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/Multicall.sol

[G-06] DUPLICATED REQUIRE()/REVERT() CHECKS SHOULD BE REFACTORED TO A FUNCTION MODIFIER

There are 2 instances of this issue.

File: src/utils/MerkleBase.sol
62: require(_data.length > 1, "wont generate proof for single leaf");
78: require(_data.length > 1, "wont generate proof for single leaf");

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/MerkleBase.sol
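One way to apply G-05 and G-06 together to a duplicated input-length check, as an added example that is not the project's own code. The contract, error, modifier and function names are all hypothetical, and the function bodies are simplified stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical contract; names are assumptions, not the audited MerkleBase code.
contract MerkleInputCheckExample {
    // Custom error replaces the revert string and carries the offending
    // length, so a failed call can still be diagnosed from the revert data.
    error TooFewLeaves(uint256 length);

    // Single guard shared by every function that needs at least two leaves.
    modifier atLeastTwoLeaves(bytes32[] memory _data) {
        if (_data.length <= 1) revert TooFewLeaves(_data.length);
        _;
    }

    // Simplified stand-in for a root computation: hashes the first leaf pair.
    function firstPairHash(bytes32[] memory _data)
        public
        pure
        atLeastTwoLeaves(_data)
        returns (bytes32)
    {
        return keccak256(abi.encodePacked(_data[0], _data[1]));
    }

    // Simplified stand-in for a proof computation: node count one level up.
    function nodesAfterOneLevel(bytes32[] memory _data)
        public
        pure
        atLeastTwoLeaves(_data)
        returns (uint256)
    {
        return (_data.length + 1) / 2;
    }
}
```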

[G-07] IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

There are 6 instances of this issue.

File: src/Vault.sol
78: for (uint256 i = 0; i < length; i++) {
104: for (uint256 i = 0; i < length; i++) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol

File: src/modules/protoforms/BaseVault.sol
64: for (uint256 i = 0; i < _tokens.length; ) {
83: for (uint256 i = 0; i < _tokens.length; ) {
107: for (uint256 i = 0; i < _tokens.length; ++i) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/protoforms/BaseVault.sol

File: src/utils/MerkleBase.sol
51: for (uint256 i = 0; i < _proof.length; ++i) {

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/MerkleBase.sol

[G-08] MULTIPLICATION/DIVISION BY TWO SHOULD USE BIT SHIFTING

x * 2 is equivalent to x << 1 and x / 2 is equivalent to x >> 1. Each operation can save 2 gas.

There are 3 instances of this issue.

File: src/utils/MerkleBase.sol
100: _node = _node / 2;
136: result = new bytes32[](length / 2 + 1);
142: result = new bytes32[](length / 2);

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/MerkleBase.sol

[G-09] USE PRIVATE RATHER THAN PUBLIC FOR CONSTANTS

Using private constants will save gas and the variables can be inspected on the source code if necessary.

There are 6 instances of this issue.

File: src/FERC1155.sol
15: string public constant NAME = "FERC1155";
17: string public constant VERSION = "1";

https://github.com/code-423n4/2022-07-fractional/blob/main/src/FERC1155.sol

File: src/modules/Buyout.sol
35: uint256 public constant PROPOSAL_PERIOD = 2 days;
37: uint256 public constant REJECTION_PERIOD = 4 days;

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/Buyout.sol

File: src/modules/Migration.sol
43: uint256 public constant PROPOSAL_PERIOD = 7 days;

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/Migration.sol

File: src/utils/SafeSend.sol
11: address payable public constant WETH_ADDRESS =

https://github.com/code-423n4/2022-07-fractional/blob/main/src/utils/SafeSend.sol

[G-10] X += Y COSTS MORE GAS THAN X = X + Y FOR STATE VARIABLES

The operations x += y and x -= y can be replaced with x = x + y and x = x - y, and can save gas by doing so.

This issue can occur on state variables created inside the contract or inherited from other contracts.

There are 6 instances of this issue:

File: src/FERC1155.sol
62: totalSupply[_id] -= _amount;
86: totalSupply[_id] += _amount;
270: balanceOf[_from][_id] -= _amount;
271: balanceOf[_to][_id] += _amount;

https://github.com/code-423n4/2022-07-fractional/blob/main/src/FERC1155.sol

File: src/modules/Buyout.sol
139: buyoutInfo[_vault].ethBalance -= ethAmount;
176: buyoutInfo[_vault].ethBalance += msg.value;

https://github.com/code-423n4/2022-07-fractional/blob/main/src/modules/Buyout.sol
