Foundation Drop contest - gerdusx's results

Foundation is a web3 destination.

General Information

Platform: Code4rena

Start Date: 11/08/2022

Pot Size: $40,000 USDC

Total HM: 8

Participants: 108

Period: 4 days

Judge: hickuphh3

Total Solo HM: 2

Id: 152

League: ETH

Foundation

Researcher Performance

Rank: 101/108

Findings: 1

Award: $20.60

🌟 Selected for report: 0

🚀 Solo Findings: 0

Gas Optimizations

[G-01] Short require strings save gas

Strings in Solidity are handled in 32-byte chunks. A require string longer than 32 bytes uses more gas. Shortening these strings will save gas.

There are 13 occurrences:

NFTCollection.sol

L158 require(tokenCreatorPaymentAddress != address(0), "NFTCollection: tokenCreatorPaymentAddress is required");
L263 require(bytes(tokenCID).length != 0, "NFTCollection: tokenCID is required");
L264 require(!cidToMinted[tokenCID], "NFTCollection: NFT was already minted");
L327 require(_exists(tokenId), "NFTCollection: URI query for nonexistent token");

NFTCollectionFactory.sol

L182 require(_rolesContract.isContract(), "NFTCollectionFactory: RolesContract is not a contract");
L203 require(_implementation.isContract(), "NFTCollectionFactory: Implementation is not a contract");
L227 require(_implementation.isContract(), "NFTCollectionFactory: Implementation is not a contract");
L262 require(bytes(symbol).length != 0, "NFTCollectionFactory: Symbol is required");

NFTDropCollection.sol

L130 require(bytes(_symbol).length > 0, "NFTDropCollection:_symbol must be set");
L131 require(_maxTokenId > 0, "NFTDropCollection:_maxTokenId must be set");
L172 require(count != 0, "NFTDropCollection:count must be greater than 0");
L179 require(latestTokenId <= maxTokenId, "NFTDropCollection: Exceeds max tokenId");
L238 require(_postRevealBaseURIHash != bytes32(0), "NFTDropCollection: usereveal instead");

[G-02] Use Custom Errors instead of revert()/require()

Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met).

There are 13 occurrences:

NFTCollection.sol

L158 require(tokenCreatorPaymentAddress != address(0), "NFTCollection: tokenCreatorPaymentAddress is required");
L263 require(bytes(tokenCID).length != 0, "NFTCollection: tokenCID is required");
L264 require(!cidToMinted[tokenCID], "NFTCollection: NFT was already minted");
L327 require(_exists(tokenId), "NFTCollection: URI query for nonexistent token");

NFTCollectionFactory.sol

L182 require(_rolesContract.isContract(), "NFTCollectionFactory: RolesContract is not a contract");
L203 require(_implementation.isContract(), "NFTCollectionFactory: Implementation is not a contract");
L227 require(_implementation.isContract(), "NFTCollectionFactory: Implementation is not a contract");
L262 require(bytes(symbol).length != 0, "NFTCollectionFactory: Symbol is required");

NFTDropCollection.sol

L130 require(bytes(_symbol).length > 0, "NFTDropCollection:_symbol must be set");
L131 require(_maxTokenId > 0, "NFTDropCollection:_maxTokenId must be set");
L172 require(count != 0, "NFTDropCollection:count must be greater than 0");
L179 require(latestTokenId <= maxTokenId, "NFTDropCollection: Exceeds max tokenId");
L238 require(_postRevealBaseURIHash != bytes32(0), "NFTDropCollection: usereveal instead");

#0 - HardlyDifficult

2022-08-19T15:19:57Z

Use short error messages

Agree but won't fix. We use up to 64 bytes, aiming to respect the incremental cost but 32 bytes is a bit too short to provide descriptive error messages for our users.

Custom errors

Agree but won't fix at this time. We use these in the market but not in collections. Unfortunately custom errors are still not as good of an experience for users (e.g. on etherscan). We used them in the market originally because we were nearing the max contract size limit and this was a good way to reduce the bytecode. We'll consider this in the future as tooling continues to improve.
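The 32-byte threshold from [G-01] and the 64-byte budget from the sponsor's reply can be checked mechanically. The following is an added example, not part of the report or of Foundation's code: it measures the reason string of five of the require statements listed above. The function names are hypothetical, and it assumes each require statement sits on a single line with an ASCII or UTF-8 string literal.

```python
import math
import re

# Reason string of a single-line require(cond, "reason"); statement.
REQUIRE_REASON = re.compile(r'require\s*\(.*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;')

# Five of the require statements listed in the report above: (file, line, code).
SAMPLE = [
    ("NFTCollection.sol", 158, 'require(tokenCreatorPaymentAddress != address(0), "NFTCollection: tokenCreatorPaymentAddress is required");'),
    ("NFTCollection.sol", 263, 'require(bytes(tokenCID).length != 0, "NFTCollection: tokenCID is required");'),
    ("NFTCollectionFactory.sol", 203, 'require(_implementation.isContract(), "NFTCollectionFactory: Implementation is not a contract");'),
    ("NFTCollectionFactory.sol", 262, 'require(bytes(symbol).length != 0, "NFTCollectionFactory: Symbol is required");'),
    ("NFTDropCollection.sol", 179, 'require(latestTokenId <= maxTokenId, "NFTDropCollection: Exceeds max tokenId");'),
]


def reason_sizes(statements):
    """Return (file, line, byte_length, 32-byte words) for each require reason found."""
    rows = []
    for path, line_no, code in statements:
        match = REQUIRE_REASON.search(code)
        if match is None:
            continue  # no string reason on this line (bare require or custom error)
        size = len(match.group(1).encode("utf-8"))
        rows.append((path, line_no, size, math.ceil(size / 32)))
    return rows


def over_budget(statements, budget):
    """Require reasons whose byte length exceeds `budget`."""
    return [row for row in reason_sizes(statements) if row[2] > budget]


if __name__ == "__main__":
    for path, line_no, size, words in reason_sizes(SAMPLE):
        print(f"{path}:{line_no}  {size} bytes  {words} word(s)")
    print("over 32 bytes:", len(over_budget(SAMPLE, 32)))
    print("over 64 bytes:", len(over_budget(SAMPLE, 64)))
```

Every sampled string exceeds 32 bytes, as the report states, and none exceeds the 64 bytes the sponsor budgets for.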
