Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 54/96
Findings: 2
Award: $45.51
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron
28.2781 USDC - $28.28
NibblVaultFactory.sol
Basket.sol
NibblVault.sol
L126/128 - Instead of using the values 1 and 2 as manual reentrancy guard, true and false could be used, generating less gas cost.
L335/347 - The functions _sellPrimaryCurve() and _sellSecondaryCurve() have the structure: uint256 _amount, uint256 _totalSupply, but inside the functions they are used exactly the other way around, therefore it is better that the order is reversed: uint256 _totalSupply, uint256 _amount.
L321/382/405 - There is commented-out code that should not be there.
L495 - In the constructor the inputs are passed in this order: uint256 _assetID, address _to and in the code they are used exactly in the opposite way, so it would be better to use them like this: address _assetAddress, address _to, uint256 _assetID.
L504/545 - It is not validated that the inputs address[] memory _assetAddresses, uint256[] memory _assetIDs have the same size, this can cause it to reverse if _assets.length > _assetIDs.length and if it is the other way around, _assetIDs would remain without being transferred.
#0 - HardlyDifficult
2022-07-04T15:58:32Z
Fair points, mostly NC.
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 8olidity, ACai, BowTiedWardens, Chandr, Chom, ElKu, Fitraldys, Funen, IgnacioB, JC, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, Randyyy, SmartSek, StErMi, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, _Adam, ajtra, c3phas, cRat1st0s, catchup, codexploder, cryptphi, defsec, delfin454000, ellahi, exd0tpy, fatherOfBlocks, hansfriese, joestakey, kebabsec, kenta, m_Rassska, minhquanym, oyc_109, pashov, reassor, rfa, robee, sach1r0, saian, sashik_eth, simon135, slywaters, ych18, ynnad, zuhaibmohd
17.2302 USDC - $17.23
NibblVaultFactory.sol
L48/49/107/114/131/141/149/166 - Instead of using a require, you can use custom Errors with ifs, this way you could generate less gas cost.
L48/107/131/141/149/166 - If the strings exceed 32 bytes they generate a higher expense than with <= 32 bytes, we recommend abbreviating the texts.
Basket.sol
L36/42/53/62/69/79/86/92 - Instead of using a require, you can use custom Errors with ifs.
L43/70/93 - It is not necessary to create a variable and set it to its default value, this generates an unnecessary extra gas cost.
L43/70/93 - Instead of doing i++, you can save gas by using unchecked{++i;}
Twav.sol
NibblVault.sol
L129/139/146/147/154/184/185/325/351/387/399/400/404/444/475/486/496/505/516/524/536/546/561/564/570 - Instead of using a require, you can use custom Errors with ifs.
L128/138/145/153 - Modifiers generate a very high gas cost, which can be replaced by private view functions.
L227/243 - It is less expensive to validate "variable != 0" than "variable > 0"
L506/525/547 - It is not necessary to set the variables to their default value, since they generate an unnecessary gas expense.
L506/525/547 - Instead of doing i++, you can save gas by using unchecked{++i;}
L562 - Instead of nonces[owner]++, ++nonces[owner] is less expensive.
L506/525/547 - Instead of directly using the variable.length in the for loop, you could create a variable in memory to be used inside the for loop.
#0 - mundhrakeshav
2022-06-30T14:00:32Z
#3, #6, #7, #8, #9, #10, #11, #15
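The array-length finding from the QA report (L504/545) and the loop and error-handling suggestions from the gas report, combined in one batch-withdraw function. This is an added example, not code from the audited contracts or from either report: the contract name, function names, error names and the minimal IERC721 interface are hypothetical, and only the parameter names _assetAddresses, _assetIDs and _to come from the findings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example. All names are hypothetical, not taken from the audited code.
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

contract BatchWithdrawExample {
    // Custom errors used with `if` in place of require(..., "string"),
    // so no revert string is stored in the bytecode.
    error NotOwner();
    error LengthMismatch(uint256 addressCount, uint256 idCount);

    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Private view function used in place of a modifier.
    function _checkOwner() private view {
        if (msg.sender != owner) revert NotOwner();
    }

    function withdrawBatch(
        address[] memory _assetAddresses,
        uint256[] memory _assetIDs,
        address _to
    ) external {
        _checkOwner();

        // Length is read once and reused as the loop bound.
        uint256 len = _assetAddresses.length;

        // Without this check, a shorter _assetIDs reverts on an out-of-bounds
        // read mid-loop, and a longer _assetIDs leaves its extra entries
        // silently untransferred.
        if (len != _assetIDs.length) revert LengthMismatch(len, _assetIDs.length);

        // i is left at its default value 0 rather than assigned explicitly.
        for (uint256 i; i < len; ) {
            IERC721(_assetAddresses[i]).safeTransferFrom(address(this), _to, _assetIDs[i]);
            unchecked { ++i; } // cannot overflow because i < len
        }
    }
}
```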