Canto v2 contest - durianSausage's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 28/06/2022

Pot Size: $25,000 USDC

Total HM: 14

Participants: 50

Period: 4 days

Judge: GalloDaSballo

Total Solo HM: 7

Id: 141

League: ETH

Canto

Researcher Performance

Rank: 48/50

Findings: 1

Award: $21.80

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

21.8032 USDC - $21.80

Labels

bug
G (Gas Optimization)

External Links

durianSausage - New Blockchain v2 contest

Gas optimization

G01: Custom Errors

problem:

Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met) while providing the same amount of information, as explained at https://blog.soliditylang.org/2021/04/21/custom-errors/. Custom errors are defined using the error statement.

Proof:

BaseJumpRateModelV2 L68 CDaiDelegate L32 L49 L74 L134 L177 L181 CErc20 L129 L130 L186 L220 L229 CErc20Delegate L30 L42 ….

Almost all require statements use a revert string. There are 318 require statements in the Lending market contract code. If they are rewritten to use custom errors, we can save a lot of gas.

G02: COMPARISONS WITH ZERO FOR UNSIGNED INTEGERS

problem:

> 0 is less gas efficient than != 0 if you enable the optimizer at 10k AND you’re in a require statement. Detailed explanation with the opcodes: https://twitter.com/gzeon/status/1485428085885640706

Proof:

Comptroller L314 L385 L1134 L1199 L1202 L1205 L1220 L1223 L1226 L1316 L1384 ….

Unsigned int is a common type in the contracts. There are 1172 “> 0” statements in the whole project. If they are rewritten as “!= 0” statements, we can save a lot of gas.

G03: COMPARISON OPERATORS

Problem:

In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Using strict comparison operators hence saves gas.

Proof:

CDaiDelegate L177 Comptroller L496 L1248 L1287 CToken L768 ERC20 L183 L212 L251 L298 ….

Replace <= with <, and >= with >. Do not forget to increment/decrement the compared variable.

G04: PREFIX INCREMENTS

Problem:

Prefix increments are cheaper than postfix increments.

Proof:

Comptroller L131 L211 L742 L964 L1010 L1352 L1358 L1364 L1369 ….

There are 38 postfix increments in the Lending pool project. Almost all increments use postfix increments.

If they are rewritten to the prefix form, we can save a lot of gas.

G05: REQUIRE INSTEAD OF &&

Problem:

Require statements including conditions with the && operator can be broken down in multiple require statements to save gas.

Proof:

Comptroller L1416 ComptrollerG7 L961 CToken L34 ….

For example, we should break

require(accrualBlockNumber == 0 && borrowIndex == 0, "market may only be initialized once");

into

require(accrualBlockNumber == 0, "accrualBlockNumber is zero");
require(borrowIndex == 0, "borrowIndex is zero");

G06: TIGHT VARIABLE PACKING

problem:

Solidity contracts have contiguous 32 bytes (256 bits) slots used in storage. By arranging the variables, it is possible to minimize the number of slots used within a contract’s storage and therefore reduce deployment costs.

address type variables are each of 20 bytes size (way less than 32 bytes). However, they here take up a whole 32 bytes slot (they are contiguous).

As bool type variables are of size 1 byte, there’s a slot here that can get saved by moving them closer to an address.

Proof:

CTokenInterfaces L15 L30 should be close to each other.

G07: Don’t use SafeMath once the solidity version is 0.8.0 or greater

Proof:

NoteInterest L15 “using SafeMath for uint;”

G08: x = x + y is cheaper than x += y

Proof:

ERC20 L214 L231 L232 WETH L23 L77 L76 BaseV1-core L160 161 L186 187 211 229 397 398 461 462 Calculations L30 31 Token L88 89 99 100
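The G01, G05 and G03 rewrites side by side in Solidity, as an added example that is not part of durianSausage's report or the Canto code base. The contract, error and function names and the 1e18 starting index are hypothetical; only accrualBlockNumber, borrowIndex and the quoted require come from the finding. The last two functions show the boundary case to test when a >= is replaced by > with an adjusted operand.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration. All names are hypothetical except accrualBlockNumber,
// borrowIndex and the quoted require, which come from the finding.
contract GasRewriteExample {
    uint256 public accrualBlockNumber;
    uint256 public borrowIndex;

    // G01: custom errors (Solidity >= 0.8.4) in place of revert strings.
    error AccrualBlockNumberAlreadySet(uint256 current);
    error BorrowIndexAlreadySet(uint256 current);

    // "Before" form quoted in G05: one require, two conditions, one string.
    function initializeWithString() external {
        require(accrualBlockNumber == 0 && borrowIndex == 0, "market may only be initialized once");
        _init();
    }

    // G05 split combined with G01: each condition reverts separately and the
    // error carries the offending value instead of a string.
    function initializeWithErrors() external {
        if (accrualBlockNumber != 0) revert AccrualBlockNumberAlreadySet(accrualBlockNumber);
        if (borrowIndex != 0) revert BorrowIndexAlreadySet(borrowIndex);
        _init();
    }

    function _init() private {
        accrualBlockNumber = block.number;
        borrowIndex = 1e18; // assumed starting index, not taken from the page
    }

    // G03: the original non-strict comparison.
    function geOriginal(uint256 a, uint256 b) external pure returns (bool) {
        return a >= b;
    }

    // G03 rewrite with a strict operator and a decremented operand. Under
    // 0.8.x checked arithmetic, b - 1 reverts with Panic(0x11) when b == 0,
    // where geOriginal returns true, so the two forms differ at that boundary.
    function geRewritten(uint256 a, uint256 b) external pure returns (bool) {
        return a > b - 1;
    }
}
```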

#0 - GalloDaSballo

2022-08-14T20:46:10Z

No immutables, less than 100 gas saved, also the report formatting leaves a lot to be desired (no links, incomplete name of files)
