Putty contest - cRat1st0s's results

An order-book based american options market for NFTs and ERC20s.

General Information

Platform: Code4rena

Start Date: 29/06/2022

Pot Size: $50,000 USDC

Total HM: 20

Participants: 133

Period: 5 days

Judge: hickuphh3

Total Solo HM: 1

Id: 142

League: ETH

Putty

Findings Distribution

Researcher Performance

Rank: 125/133

Findings: 1

Award: $21.17

🌟 Selected for report: 0

🚀 Solo Findings: 0

2022-06-PuttyV2 Report

Files Description Table

File Name | SHA-1 Hash
2022-06-putty/contracts/src/PuttyV2.sol | b1dd8c42d4a91451c119b1f50122e3c97dde97d2

Gas Optimizations

[G-01]: Variables: No need to explicitly initialize variables with default values

Impact

If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0, etc., depending on the data type). Explicitly initializing it with its default value just wastes gas.

Code Affected:

2022-06-putty/contracts/src/PuttyV2.sol::497 => uint256 feeAmount = 0;

Mitigation

Do not initialize variables with default values.

Tools used

VS Code

[G-02]: For-Loops: Pre-increments cost less gas compared to post-increments

Impact

Pre-increments cost less gas compared to post-increments.

Code Affected:

2022-06-putty/contracts/src/PuttyV2.sol::556 => for (uint256 i = 0; i < orders.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::594 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::611 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::627 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::637 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::647 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::658 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::670 => for (uint256 i = 0; i < whitelist.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::728 => for (uint256 i = 0; i < arr.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::742 => for (uint256 i = 0; i < arr.length; i++) {

Mitigation

Change i++ to ++i.

Tools used

VS Code

[G-03]: For-Loops: Increments can be unchecked

Impact

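In Solidity 0.8+, there's a default overflow check on unsigned integers. A loop counter that is bounded by an array length cannot overflow, so the check on its increment can be skipped with an unchecked block to save gas.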

Code Affected:

2022-06-putty/contracts/src/PuttyV2.sol::556 => for (uint256 i = 0; i < orders.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::594 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::611 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::627 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::637 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::647 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::658 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::670 => for (uint256 i = 0; i < whitelist.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::728 => for (uint256 i = 0; i < arr.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::742 => for (uint256 i = 0; i < arr.length; i++) {

Mitigation

For example, the code would go from:

for (uint i = 0; i < _prices.length; i++) { priceAverageCumulative += _prices[i]; }

to:

for (uint i = 0; i < _prices.length;) { priceAverageCumulative += _prices[i]; unchecked { i++; } }

Tools used

VS Code

[G-04]: For-Loops: No need to explicitly initialize variables with default values

Impact

If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0, etc., depending on the data type). Explicitly initializing it with its default value just wastes gas.

Code Affected:

2022-06-putty/contracts/src/PuttyV2.sol::556 => for (uint256 i = 0; i < orders.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::594 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::611 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::627 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::637 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::647 => for (uint256 i = 0; i < assets.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::658 => for (uint256 i = 0; i < floorTokens.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::670 => for (uint256 i = 0; i < whitelist.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::728 => for (uint256 i = 0; i < arr.length; i++) {

2022-06-putty/contracts/src/PuttyV2.sol::742 => for (uint256 i = 0; i < arr.length; i++) {

Mitigation

Do not initialize variables with default values.

Tools used

VS Code

[G-05]: Comparisons: Use != 0 rather than > 0 for unsigned integers in require() statements

Impact

When the optimizer is enabled, gas is wasted by doing a greater-than operation, rather than a not-equals operation inside require() statements. When using !=, the optimizer is able to avoid the EQ, ISZERO, and associated operations, by relying on the JUMPI that comes afterwards, which itself checks for zero.

Affected Code:

2022-06-putty/contracts/src/PuttyV2.sol::293 => require(order.baseAsset.code.length > 0, "baseAsset is not contract");

2022-06-putty/contracts/src/PuttyV2.sol::598 => require(token.code.length > 0, "ERC20: Token is not contract");

2022-06-putty/contracts/src/PuttyV2.sol::599 => require(tokenAmount > 0, "ERC20: Amount too small");

Mitigation

Use != 0 rather than > 0 for unsigned integers in require() statements.

Tools used

VS Code
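
The mitigations from G-01 to G-05 applied together to one loop, as an added example that is not code from PuttyV2.sol or from the report's author. The contract name, function names and the amounts array are hypothetical; the point to note is which arithmetic stays checked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; not code from PuttyV2.sol. All names here are hypothetical.
contract LoopGasDemo {
    // Baseline: the patterns flagged in G-01 to G-05.
    function sumBaseline(uint256[] memory amounts) external pure returns (uint256) {
        uint256 total = 0;                                // G-01: explicit default value
        for (uint256 i = 0; i < amounts.length; i++) {    // G-02, G-03, G-04
            require(amounts[i] > 0, "Amount too small");  // G-05
            total += amounts[i];
        }
        return total;
    }

    // Same behaviour with the report's mitigations applied.
    function sumOptimized(uint256[] memory amounts) external pure returns (uint256 total) {
        // total and i both start at 0 without explicit initialisation.
        for (uint256 i; i < amounts.length; ) {
            require(amounts[i] != 0, "Amount too small");
            // Stays checked: the sum of caller-supplied values can overflow.
            total += amounts[i];
            // Safe to leave unchecked: i < amounts.length holds at this point,
            // so ++i cannot wrap past type(uint256).max.
            unchecked { ++i; }
        }
    }
}
```

Comparing the two functions on the same input in a gas report shows what each change is worth for a given compiler version and optimizer setting. From Solidity 0.8.22 the compiler omits the overflow check on such loop counters itself, so the manual unchecked block matters on earlier 0.8.x versions.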
