Back to kenta's contests

Nested Finance contest - kenta's results

The one-stop Defi app to build, manage and monetize your portfolio.

General Information

Platform: Code4rena

Start Date: 10/02/2022

Pot Size: $30,000 USDC

Total HM: 5

Participants: 24

Period: 3 days

Judge: harleythedog

Total Solo HM: 3

Id: 86

League: ETH

Nested Finance

Findings Distribution

Researcher Performance

Rank: 18/24

Findings: 1

Award: $121.76

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryNested Finance

Findings Information

🌟 Selected for report: pauliax

Also found by: 0x1f8b, Dravee, GreyArt, Omik, ShippooorDAO, Tomio, bobi, cmichel, csanuragjain, defsec, gzeon, kenta, kenzo, m_smirnova2020, rfa, robee, sirhashalot, ye0lde

Awards

121.765 USDC - $121.76

Labels

bug
G (Gas Optimization)
sponsor confirmed

External Links

Link to GitHub issue

Gas optimization

1 Use default value for uint256 and use ++i instead of i++ in for loop

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L136-L139 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L148 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L165 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L261 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L280 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L318

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L103 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L113 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L153 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L213 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L273 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L327 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L369 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L581

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedFactory.sol#L581

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/OperatorResolver.sol#L40 https://github.com/code-423n4/2022-02-nested/blob/main/contracts/OperatorResolver.sol#L75

Feesplitter.sol

2 Use storage for shareholders[_accountIndex]saves gas in updateShareholder.

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/FeeSplitter.sol#L134-L140

function updateShareholder(uint256 _accountIndex, uint96 _weight) external onlyOwner { require(_accountIndex < shareholders.length, "FS: INVALID_ACCOUNT_INDEX"); Shareholder storage _shareholder = shareholders[_accountIndex]; totalWeights = totalWeights + _weight - _shareholder.weight; require(totalWeights != 0, "FS: TOTAL_WEIGHTS_ZERO"); _shareholder.weight = _weight; emit ShareholderUpdated(_shareholder.account, _weight); }

NestedRecords.sol

3 Check _reserve != address(0) earlier in store save gas.

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedRecords.sol#L111-L127

require(_reserve != address(0), “NRC: NO_ADDRESS”); must be checked separately at the beginning of function.

4 Use storage for records[_nftId] saves gas in store.

https://github.com/code-423n4/2022-02-nested/blob/main/contracts/NestedRecords.sol#L111-L132

function store( uint256 _nftId, address _token, uint256 _amount, address _reserve ) external onlyFactory { NftRecord storage _record = records[_nftId]; uint256 amount = _record.holdings[_token]; // uint256 amount = records[_nftId].holdings[_token]; if (amount != 0) { require(_record.reserve == _reserve, "NRC: RESERVE_MISMATCH"); updateHoldingAmount(_nftId, _token, amount + _amount); return; } require(_record.tokens.length < maxHoldingsCount, "NRC: TOO_MANY_TOKENS"); require( _reserve != address(0) && (_reserve == _record.reserve || _record.reserve == address(0)), "NRC: INVALID_RESERVE" );

    _record.holdings[_token] = _amount;
    _record.tokens.push(_token);
    _record.reserve = _reserve;
}

#0 - maximebrugel

2022-02-17T13:01:13Z

"Use default value for uint256 and use ++i instead of i++ in for loop" (Disputed)

Already in first audit : https://github.com/code-423n4/2021-11-nested-findings/issues/25

"Use storage for shareholders[_accountIndex]saves gas in updateShareholder" (Confirmed)

38492 to 37953 => -539

"Check _reserve != address(0) earlier in store save gas" (Acknowledged)

"Use storage for records[_nftId] saves gas in store" (Duplicated)

https://github.com/code-423n4/2022-02-nested-findings/issues/56

#1 - harleythedogC4

2022-03-13T03:32:02Z

My personal judgments:

  1. "Use default value for uint256 and use ++i instead of i++ in for loop". Agree with sponsor. Invalid.
  2. "Use storage for shareholders[_accountIndex]". Valid and small-optimization.
  3. "Check _reserve != address(0) earlier in store save gas." Valid and small-optimization.
  4. "Use storage for records[_nftId] saves gas in store". Valid and small-optimization.

#2 - harleythedogC4

2022-03-13T06:21:19Z

Now, here is the methodology I used for calculating a score for each gas report. I first assigned each submission to be either small-optimization (1 point), medium-optimization (5 points) or large-optimization (10 points), depending on how useful the optimization is. The score of a gas report is the sum of these points, divided by the maximum number of points achieved by a gas report. This maximum number was 10 points, achieved by #67.

The number of points achieved by this report is 3 points. Thus the final score of this gas report is (3/10)*100 = 30.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter