SIZE contest - gianganhnguyen's results

An on-chain sealed bid auction protocol.

General Information

Platform: Code4rena

Start Date: 04/11/2022

Pot Size: $42,500 USDC

Total HM: 9

Participants: 88

Period: 4 days

Judge: 0xean

Total Solo HM: 2

Id: 180

League: ETH

SIZE

Findings Distribution

Researcher Performance

Rank: 66/88

Findings: 1

Award: $21.13

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

21.132 USDC - $21.13

Labels

bug
G (Gas Optimization)
grade-b
G-09


1. [G-1] For loops: increments in for loops can be unchecked to save gas

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isn't possible (as an example, when a comparison is made before the arithmetic operation), some gas can be saved by using an unchecked block.

File src/SizeSealed.sol, line 244: for (uint256 i; i < bidIndices.length; i++) {
File src/SizeSealed.sol, line 302: for (uint256 i; i < seenBidMap.length - 1; i++) {

The code would go from:

for (uint256 i; i < numIterations; i++) { ... }

to:

for (uint256 i; i < numIterations;) { ... unchecked { ++i; } }

2. [G-2] Variables: Caching read variables in memory will save gas

File src/SizeSealed.sol, line 337, 359, 418, 456:
Auction storage a = idToAuction[auctionId];
// I suggest code replace:
Auction memory a = idToAuction[auctionId];

3. [G-3] Parameter: If we are not modifying the passed parameter we should pass it as calldata because calldata is more gas efficient than memory.

I suggest using calldata instead of memory here:

File src/SizeSealed.sol, line 217: function finalize(uint256 auctionId, uint256[] memory bidIndices, uint128 clearingBase, uint128 clearingQuote)
File src/util/ECCMath.sol, line 25: function ecMul(Point memory point, uint256 scalar)
File src/util/ECCMath.sol, line 37: function encryptMessage(Point memory encryptToPub, uint256 encryptWithPriv, bytes32 message)
File src/util/ECCMath.sol, line 51: function decryptMessage(Point memory sharedPoint, bytes32 encryptedMessage)
File src/util/ECCMath.sol, line 60: function hashPoint(Point memory point)

4. [G-4] Arithmetic: unchecked blocks for arithmetic operations that can't underflow/overflow

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isn't possible, some gas can be saved by using an unchecked block.

I suggest wrapping with an unchecked block here:

File src/SizeSealed.sol, line 84: uint256 auctionId = ++currentAuctionId;
File src/SizeSealed.sol, line 249: uint256 bitmapIndex = bidIndex / 256;
File src/SizeSealed.sol, line 251: uint256 indexBit = 1 << (bidIndex % 256);
File src/SizeSealed.sol, line 378: uint256 refundedQuote = b.quoteAmount - quoteBought;
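The unchecked patterns from G-1 and G-4 above, as an added example that is not part of the submission or the SIZE code base: it puts a guarded unchecked subtraction beside an unguarded one to show that the saving is only safe where a preceding comparison bounds the operands. The contract, error and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration. All names here are hypothetical and are not taken
// from src/SizeSealed.sol.
contract UncheckedPatterns {
    error Overspent(uint256 quoteAmount, uint256 quoteBought);

    // G-1 pattern: the loop condition i < len bounds i below the array
    // length, so ++i can never reach type(uint256).max and overflow.
    // G-3 pattern: the array is only read, so it is taken as calldata.
    function sum(uint256[] calldata values) external pure returns (uint256 total) {
        uint256 len = values.length;
        for (uint256 i; i < len;) {
            // Stays checked: the running total depends on caller input.
            total += values[i];
            unchecked { ++i; }
        }
    }

    // G-4 pattern, guarded: the comparison proves quoteBought <= quoteAmount,
    // which is the invariant that makes the unchecked subtraction safe.
    function refundGuarded(uint256 quoteAmount, uint256 quoteBought)
        external
        pure
        returns (uint256 refunded)
    {
        if (quoteBought > quoteAmount) revert Overspent(quoteAmount, quoteBought);
        unchecked { refunded = quoteAmount - quoteBought; }
    }

    // Same subtraction without the guard: when quoteBought > quoteAmount the
    // result wraps modulo 2**256 instead of reverting, so a caller would be
    // credited an enormous refund. Shown only as the failure mode to avoid.
    function refundUnguarded(uint256 quoteAmount, uint256 quoteBought)
        external
        pure
        returns (uint256 refunded)
    {
        unchecked { refunded = quoteAmount - quoteBought; }
    }
}
```

Before wrapping an existing subtraction in `unchecked`, confirm that the bounding check sits on every path that reaches it, including paths added by later changes.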

#0 - c4-judge

2022-11-10T02:19:08Z

0xean marked the issue as grade-b
