The Graph L2 bridge contest - emrekocak's results

A protocol for indexing and querying blockchain data.

General Information

Platform: Code4rena

Start Date: 07/10/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 62

Period: 5 days

Judge: 0xean

Total Solo HM: 2

Id: 169

League: ETH

The Graph

Researcher Performance

Rank: 52/62

Findings: 1

Award: $20.79

🌟 Selected for report: 0

🚀 Solo Findings: 0

USE A MORE RECENT VERSION OF SOLIDITY

Use a Solidity version of at least 0.8.0 to get overflow protection without LowGasSafeMath.
Use a Solidity version of at least 0.8.2 to get simple compiler automatic inlining.
Use a Solidity version of at least 0.8.3 to get better struct packing and cheaper multiple storage reads.
Use a Solidity version of at least 0.8.4 to get custom errors, which are cheaper at deployment than revert()/require() strings.
Use a Solidity version of at least 0.8.10 to have external calls skip contract existence checks if the external call has a return value.

Instances include:
contracts/gateway/BridgeEscrow.sol:3
contracts/upgrades/GraphUpgradeable.sol:3
contracts/governance/Governed.sol:3
contracts/governance/Pausable.sol:3
contracts/l2/token/L2GraphToken.sol:3
contracts/upgrades/GraphProxyAdmin.sol:3
contracts/upgrades/GraphProxyStorage.sol:3
contracts/upgrades/GraphProxy.sol:3
contracts/governance/Managed.sol:3
contracts/l2/token/GraphTokenUpgradeable.sol:3
contracts/l2/gateway/L2GraphTokenGateway.sol:3
contracts/gateway/L1GraphTokenGateway.sol:3
contracts/gateway/GraphTokenGateway.sol:3
contracts/curation/IGraphCurationToken.sol:3
contracts/gateway/ICallhookReceiver.sol:9
contracts/upgrades/IGraphProxy.sol:3
contracts/epochs/IEpochManager.sol:3
contracts/governance/IController.sol:3
contracts/token/IGraphToken.sol:3
contracts/rewards/IRewardsManager.sol:3
contracts/staking/IStakingData.sol:3
contracts/curation/ICuration.sol:3
contracts/staking/IStaking.sol:3

Require/Revert strings longer than 32 bytes cost additional gas

Instances include:
contracts/upgrades/GraphUpgradeable.sol:32
contracts/upgrades/GraphProxy.sol:105
contracts/upgrades/GraphProxy.sol:141
contracts/upgrades/GraphProxy.sol:144
contracts/governance/Managed.sol:53
contracts/gateway/GraphTokenGateway.sol:21

Use assembly to check for address(0)

Using assembly to check for address(0) saves 6 gas per instance, e.g.:

    assembly {
        if iszero(_addr) {
            mstore(0x00, "zero address")
            revert(0x00, 0x20)
        }
    }

Instances include:
contracts/governance/Governed.sol:41
contracts/governance/Governed.sol:55
contracts/l2/token/L2GraphToken.sol:49
contracts/l2/token/L2GraphToken.sol:60
contracts/l2/token/L2GraphToken.sol:70
contracts/upgrades/GraphProxy.sol:105
contracts/upgrades/GraphProxy.sol:143
contracts/governance/Managed.sol:104
contracts/l2/token/GraphTokenUpgradeable.sol:106
contracts/l2/gateway/L2GraphTokenGateway.sol:98
contracts/l2/gateway/L2GraphTokenGateway.sol:108
contracts/l2/gateway/L2GraphTokenGateway.sol:118
contracts/l2/gateway/L2GraphTokenGateway.sol:148
contracts/gateway/L1GraphTokenGateway.sol:74
contracts/gateway/L1GraphTokenGateway.sol:110
contracts/gateway/L1GraphTokenGateway.sol:111
contracts/gateway/L1GraphTokenGateway.sol:122
contracts/gateway/L1GraphTokenGateway.sol:132
contracts/gateway/L1GraphTokenGateway.sol:142
contracts/gateway/L1GraphTokenGateway.sol:153
contracts/gateway/L1GraphTokenGateway.sol:165
contracts/gateway/L1GraphTokenGateway.sol:202
contracts/gateway/GraphTokenGateway.sol:31
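
The assembly check from this finding next to a variant that clears the upper bits first, as an added example that is not part of the original report or of The Graph's code. The contract and function names are hypothetical. The Solidity documentation warns that inline assembly must not assume the bits outside a sub-256-bit type such as address are zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.0 <0.9.0;

/// Added illustration; ZeroAddressCheck and its functions are hypothetical names.
contract ZeroAddressCheck {
    /// Baseline: the compiler compares the 160-bit address value and
    /// emits an ABI-encoded Error(string) on failure.
    function checkHighLevel(address _addr) public pure {
        require(_addr != address(0), "zero address");
    }

    /// The form suggested in the finding. iszero() tests the whole
    /// 256-bit stack word, so if the upper 96 bits are not clean the
    /// word is non-zero and the check passes even though the 160-bit
    /// address is zero. The revert data is a raw 32-byte word, not an
    /// ABI-encoded Error(string), so clients will not decode it as a
    /// reason string.
    function checkAssembly(address _addr) public pure {
        assembly {
            if iszero(_addr) {
                mstore(0x00, "zero address")
                revert(0x00, 0x20)
            }
        }
    }

    /// Same check with the upper 96 bits shifted out before the test,
    /// so only the 160 address bits decide the outcome.
    function checkAssemblyMasked(address _addr) public pure {
        assembly {
            if iszero(shl(96, _addr)) {
                mstore(0x00, "zero address")
                revert(0x00, 0x20)
            }
        }
    }
}
```

The extra shl costs a few gas, which offsets part of the 6 gas the finding reports; measure both forms with the project's compiler version and optimizer settings before changing access-control or initializer checks.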

In require(), Use != 0 Instead of > 0 With Uint Values

In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Instances include:
contracts/gateway/L1GraphTokenGateway.sol:201
contracts/gateway/L1GraphTokenGateway.sol:217

Splitting require() statements that use && saves gas

Saves 16 gas per instance. If you're using the Optimizer at 200, instead of using the && operator in a single require statement to check multiple conditions, multiple require statements with 1 condition per require statement should be used to save gas:

contracts/governance/Governed.sol:55
contracts/upgrades/GraphProxy.sol:143
contracts/l2/gateway/L2GraphTokenGateway.sol:146
contracts/gateway/L1GraphTokenGateway.sol:142

Calls to keccak256 should use immutable instead of constants

Instances include:
contracts/l2/token/GraphTokenUpgradeable.sol:34
contracts/l2/token/GraphTokenUpgradeable.sol:38
contracts/l2/token/GraphTokenUpgradeable.sol:39
contracts/l2/token/GraphTokenUpgradeable.sol:40
contracts/l2/token/GraphTokenUpgradeable.sol:42

abi.encode() is less efficient than abi.encodePacked()

Instances include:
contracts/l2/token/GraphTokenUpgradeable.sol:162
contracts/l2/token/GraphTokenUpgradeable.sol:88
contracts/l2/gateway/L2GraphTokenGateway.sol:174
contracts/l2/gateway/L2GraphTokenGateway.sol:275
contracts/gateway/L1GraphTokenGateway.sol:249
contracts/gateway/L1GraphTokenGateway.sol:342
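
Two properties to check at each call site before swapping abi.encode() for abi.encodePacked(), shown as an added example that is not part of the original report or of The Graph's code. The contract, function and parameter names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.0 <0.9.0;

/// Added illustration; EncodingCaveat and its functions are hypothetical names.
contract EncodingCaveat {
    /// abi.encodePacked() concatenates dynamic values with no length
    /// prefix or padding. Both argument splits below pack to the same
    /// three bytes 0x616263, so a hash or signature over the packed
    /// form cannot tell them apart.
    function packedIsAmbiguous() public pure returns (bool) {
        return keccak256(abi.encodePacked("ab", "c")) ==
            keccak256(abi.encodePacked("a", "bc"));
    }

    /// abi.encode() writes an offset and a length for every dynamic
    /// value, so the same two splits encode to different bytes.
    function encodeIsUnambiguous() public pure returns (bool) {
        return keccak256(abi.encode("ab", "c")) !=
            keccak256(abi.encode("a", "bc"));
    }

    /// abi.decode() expects the padded layout produced by abi.encode().
    /// A payload that a receiver decodes this way must keep using
    /// abi.encode() on the sending side; the packed form has no
    /// matching decoder.
    function roundTrip(address to, uint256 amount, bytes memory extra)
        public
        pure
        returns (address, uint256, bytes memory)
    {
        bytes memory payload = abi.encode(to, amount, extra);
        return abi.decode(payload, (address, uint256, bytes));
    }
}
```

The gas saving applies safely only where the encoded bytes are never passed to abi.decode() and contain at most one dynamic-length argument.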
