Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 29/30
Findings: 1
Award: $62.07
🌟 Selected for report: 1
🚀 Solo Findings: 0
4.3799 USDC - $4.38
chasemartin01
Functions that are called externally and not used in the contracts should be declared as `external`.
There are several public functions that can be declared external:

changePublisher(address) should be declared external:
- Basket.changePublisher(address) (contracts/Basket.sol#133-148)

changeLicenseFee(uint256) should be declared external:
- Basket.changeLicenseFee(uint256) (contracts/Basket.sol#152-166)

publishNewIndex(address[],uint256[]) should be declared external:
- Basket.publishNewIndex(address[],uint256[]) (contracts/Basket.sol#170-194)

deleteNewIndex() should be declared external:
- Basket.deleteNewIndex() (contracts/Basket.sol#207-214)

setMinLicenseFee(uint256) should be declared external:
- Factory.setMinLicenseFee(uint256) (contracts/Factory.sol#39-41)

setAuctionDecrement(uint256) should be declared external:
- Factory.setAuctionDecrement(uint256) (contracts/Factory.sol#43-45)

setAuctionMultiplier(uint256) should be declared external:
- Factory.setAuctionMultiplier(uint256) (contracts/Factory.sol#47-49)

setBondPercentDiv(uint256) should be declared external:
- Factory.setBondPercentDiv(uint256) (contracts/Factory.sol#51-53)

setOwnerSplit(uint256) should be declared external:
- Factory.setOwnerSplit(uint256) (contracts/Factory.sol#55-59)

proposeBasketLicense(uint256,string,string,address[],uint256[]) should be declared external:
- Factory.proposeBasketLicense(uint256,string,string,address[],uint256[]) (contracts/Factory.sol#65-91)
Slither
Change instances of functions that are `public` and can be `external` to `external`
#0 - GalloDaSballo
2021-11-28T17:48:31Z
Duplicate of #240
🌟 Selected for report: chasemartin01
57.691 USDC - $57.69
chasemartin01
Gas optimisation
As an example, you can change the declaration of `inputTokens`, `inputWeights`, `outputTokens`, `outputWeights` to be `calldata` as a gas optimisation
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Auction.sol#L69-L75
There are other instances of this in `Basket.sol` and `Factory.sol`

When you specify `memory` for a function param for an external function, the following happens: the compiler copies elements from `calldata` to `memory` (using the opcode `calldatacopy`). Note that there is also the opcode `calldataload` to read an offset from `calldata`. By changing the location from `memory` to `calldata`, you avoid this expensive copy from `calldata` to `memory`, while managing to do exactly what's needed.
Manual analysis
Change all instances of `memory` to `calldata` where the function parameter isn't being modified
#0 - GalloDaSballo
2021-11-29T13:53:52Z
Agree because the function is public, notice that by changing to external you avoid this as well
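
The two findings above, side by side, as an added example that is not code from the audited repository or from either participant: a `public` function taking `memory` arrays next to an `external` one taking `calldata` arrays, plus a helper that measures both. The contract name, function names and the `^0.8.0` pragma are assumptions; only the parameter names `inputTokens` and `inputWeights` come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler range; the page does not state one

// Hypothetical contract for illustration only.
contract CalldataVsMemory {
    // `memory` parameters: when this is reached through an external call, both
    // arrays are copied from calldata into memory before the body runs.
    function sumWeightsMemory(
        address[] memory inputTokens,
        uint256[] memory inputWeights
    ) public pure returns (uint256 total) {
        require(inputTokens.length == inputWeights.length, "length mismatch");
        for (uint256 i = 0; i < inputWeights.length; i++) {
            total += inputWeights[i];
        }
    }

    // `calldata` parameters: elements are read in place from the call data.
    // Calldata is read-only, which is acceptable because the body never writes to them.
    function sumWeightsCalldata(
        address[] calldata inputTokens,
        uint256[] calldata inputWeights
    ) external pure returns (uint256 total) {
        require(inputTokens.length == inputWeights.length, "length mismatch");
        for (uint256 i = 0; i < inputWeights.length; i++) {
            total += inputWeights[i];
        }
    }

    // Calls both variants externally with n constructed elements and returns
    // the gas each call consumed, so the two can be compared directly.
    function compare(uint256 n) external view returns (uint256 gasMemory, uint256 gasCalldata) {
        address[] memory tokens = new address[](n);
        uint256[] memory weights = new uint256[](n);
        for (uint256 i = 0; i < n; i++) {
            tokens[i] = address(uint160(i + 1)); // constructed sample addresses
            weights[i] = i + 1;                  // constructed sample weights
        }
        // Warm-up call so the caller's memory expansion for ABI encoding
        // is not charged to whichever variant is measured first.
        this.sumWeightsCalldata(tokens, weights);
        uint256 g = gasleft();
        this.sumWeightsMemory(tokens, weights);
        gasMemory = g - gasleft();
        g = gasleft();
        this.sumWeightsCalldata(tokens, weights);
        gasCalldata = g - gasleft();
    }
}
```

Both measurements include the same external-call and ABI-encoding overhead, so the difference between the two return values isolates the cost of the parameter location.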