Back to gianganhnguyen's contests

LooksRare Aggregator contest - gianganhnguyen's results

An NFT aggregator protocol.

General Information

Platform: Code4rena

Start Date: 08/11/2022

Pot Size: $60,500 USDC

Total HM: 6

Participants: 72

Period: 5 days

Judge: Picodes

Total Solo HM: 2

Id: 178

League: ETH

LooksRare

Findings Distribution

Researcher Performance

Rank: 37/72

Findings: 1

Award: $80.83

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLooksRare

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, Aymen0909, CloudX, Rolezn, aviggiano, carlitox477, datapunk, gianganhnguyen, shark, tnevler, zaskoh

Labels

bug
G (Gas Optimization)
grade-b
judge review requested
G-02

Awards

80.8321 USDC - $80.83

External Links

Link to GitHub issue

1. [G-1] Arithmetics: uncheck blocks for arithmetics operations that can't underflow/overflow

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isn't possible, some gas can be saved by using an unchecked block.

I suggest wrapping with an unchecked block here:

File contracts/OwnableTwoSteps.sol, line 114:     earliestOwnershipRenouncementTime = block.timestamp + delay;

File contracts/proxies/SeaportProxy.sol, line 109:     if (orders[i].currency == address(0)) ethValue += orders[i].price;
File contracts/proxies/SeaportProxy.sol, line 147:     uint256 orderFee = (orders[i].price * feeBp) / 10000;
File contracts/proxies/SeaportProxy.sol, line 150:     fee += orderFee;
File contracts/proxies/SeaportProxy.sol, line 207:     uint256 orderFee = (price * feeBp) / 10000;
File contracts/proxies/SeaportProxy.sol, line 209:     fee += orderFee;

2. [G-2] Storage: Emitting storage values

The values emitted shouldn't be read from storage. The existing memory values should be used instead in here:

File contracts/OwnableTwoSteps.sol, line 114-116:     
       earliestOwnershipRenouncementTime = block.timestamp + delay;

       emit InitiateOwnershipRenouncement(earliestOwnershipRenouncementTime);

I suggest code replace:

       uint256 _earliestOwnershipRenouncementTime = block.timestamp + delay;
       earliestOwnershipRenouncementTime = _earliestOwnershipRenouncementTime;

       emit InitiateOwnershipRenouncement(_earliestOwnershipRenouncementTime);

#0 - c4-judge

2022-11-21T19:03:40Z

Picodes marked the issue as grade-b

#1 - 0xhiroshi

2022-11-22T23:04:11Z

  1. Seems valid, but we need some time to think about whether this brings any risks.
  2. While it looks valid, I tried this locally and it actually spends more gas.

#2 - c4-sponsor

2022-11-22T23:04:23Z

0xhiroshi requested judge review

#3 - 0xhiroshi

2022-11-23T09:43:15Z

For finding no.1, we have decided to reject it and any duplicated findings because it is simply too risky for us to use unchecked for a number we have no control over. orders[i].price comes from the frontend and we can't foresee what issues it can bring if there is an overflow/underflow.

@0xJurassicPunk FYI

#4 - 0xhiroshi

2022-12-12T23:20:18Z

@Picodes what is the edict of this report?

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter