ENS contest - lucacez's results

Decentralised naming for wallets, websites, & more.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $75,000 USDC

Total HM: 16

Participants: 100

Period: 7 days

Judge: LSDan

Total Solo HM: 7

Id: 145

League: ETH

ENS

Findings Distribution

Researcher Performance

Rank: 93/100

Findings: 1

Award: $39.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT'S USED IN FOR-LOOPS (--I/I-- TOO)

Saves 6 gas PER LOOP

There are 3 instances of this issue:

File: contracts/dnssec-oracle/DNSSECImpl.sol

93: for(uint i = 0; i < input.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/DNSSECImpl.sol#L93

File: contracts/dnssec-oracle/BytesUtils.sol

266: for(uint i = 0; i < len; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/BytesUtils.sol#L266

File: contracts/ethregistrar/ETHRegistrarController.sol

256: for (uint256 i = 0; i < data.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/ethregistrar/ETHRegistrarController.sol#L256

<ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP

The overheads outlined below are PER LOOP, excluding the first loop

  • storage arrays incur a Gwarmaccess (100 gas)
  • memory arrays use MLOAD (3 gas)
  • calldata arrays use CALLDATALOAD (3 gas)

Caching the length changes each of these to a DUP<N> (3 gas), and gets rid of the extra DUP<N> needed to store the stack offset

There are 2 instances of this issue:

File: contracts/dnssec-oracle/DNSSECImpl.sol

93: for(uint i = 0; i < input.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/DNSSECImpl.sol#L93

File: contracts/ethregistrar/ETHRegistrarController.sol

256: for (uint256 i = 0; i < data.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/ethregistrar/ETHRegistrarController.sol#L256

USING PRIVATE RATHER THAN PUBLIC FOR CONSTANTS, SAVES GAS

If needed, the value can be read from the verified contract source code. Savings are due to the compiler not having to create non-payable getter functions for deployment calldata, and not adding another entry to the method ID table

There are 2 instances of this issue:

File: contracts/dnssec-oracle/DNSSECImpl.sol

21: uint16 constant DNSCLASS_IN = 1;
23: uint16 constant DNSTYPE_DS = 43;
24: uint16 constant DNSTYPE_DNSKEY = 48;
26: uint constant DNSKEY_FLAG_ZONEKEY = 0x100;

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/DNSSECImpl.sol#L21-L26

File: contracts/dnssec-oracle/RRUtils.sol

63: uint constant RRSIG_TYPE = 0;
64: uint constant RRSIG_ALGORITHM = 2;
65: uint constant RRSIG_LABELS = 3;
66: uint constant RRSIG_TTL = 4;
67: uint constant RRSIG_EXPIRATION = 8;
68: uint constant RRSIG_INCEPTION = 12;
69: uint constant RRSIG_KEY_TAG = 16;
70: uint constant RRSIG_SIGNER_NAME = 18;

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/RRUtils.sol#L63-L70

File: contracts/dnssec-oracle/RRUtils.sol

181: uint constant DNSKEY_FLAGS = 0;
182: uint constant DNSKEY_PROTOCOL = 2;
183: uint constant DNSKEY_ALGORITHM = 3;
184: uint constant DNSKEY_PUBKEY = 4;

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/RRUtils.sol#L181-L184

File: contracts/dnssec-oracle/RRUtils.sol

200: uint constant DS_KEY_TAG = 0;
201: uint constant DS_ALGORITHM = 2;
202: uint constant DS_DIGEST_TYPE = 3;
203: uint constant DS_DIGEST = 4;

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/RRUtils.sol#L200-L203

File: contracts/ethregistrar/ETHRegistrarController.sol

21: uint256 public constant MIN_REGISTRATION_DURATION = 28 days;

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/ethregistrar/ETHRegistrarController.sol#L21

IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

There are 3 instances of this issue:

File: contracts/dnssec-oracle/DNSSECImpl.sol

93: for(uint i = 0; i < input.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/DNSSECImpl.sol#L93

File: contracts/dnssec-oracle/BytesUtils.sol

266: for(uint i = 0; i < len; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/BytesUtils.sol#L266

File: contracts/ethregistrar/ETHRegistrarController.sol

256: for (uint256 i = 0; i < data.length; i++) {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/ethregistrar/ETHRegistrarController.sol#L256
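The three loop findings above (pre-increment, cached array length, default-zero counter) applied to a single loop. This is an added example, not code from the ENS repository; the contract name, function names and the summing body are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; LoopGasExample and both functions are hypothetical.
contract LoopGasExample {
    // Shape flagged in the findings: explicit zero initialisation,
    // length read on every condition check, post-increment.
    function sumBaseline(uint256[] calldata data)
        external
        pure
        returns (uint256 total)
    {
        for (uint256 i = 0; i < data.length; i++) {
            total += data[i];
        }
    }

    // Same loop with the three changes applied.
    function sumOptimized(uint256[] calldata data)
        external
        pure
        returns (uint256 total)
    {
        uint256 len = data.length; // length read once and kept on the stack
        for (uint256 i; i < len; ++i) { // counter defaults to zero; pre-increment
            total += data[i];
        }
    }
}
```

Both functions return the same sum for the same input. `++i` and `i++` are interchangeable here only because the value of the increment expression is discarded; where that value is used, the two forms differ.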

OPTIMIZE NAMES TO SAVE GAS

Public/external function names and public member variable names can be optimized to save gas. See this link for an example of how it works. Below are the interfaces/abstract contracts that can be optimized so that the most frequently called functions use the least amount of gas possible during method lookup. Method IDs that have two leading zero bytes can save 128 gas each during deployment, and renaming functions to have lower method IDs will save 22 gas per call, per sorted position shifted.

There are 2 instances of this issue:

File: contracts/dnssec-oracle/digests/Digest.sol

6: interface Digest {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/dnssec-oracle/digests/Digest.sol#L6

File: contracts/ethregistrar/IETHRegistrarController.sol

5: interface IETHRegistrarController {

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/ethregistrar/IETHRegistrarController.sol#L5
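A helper for checking the two properties this finding relies on, the number of leading zero bytes in a method ID and how two method IDs sort against each other. This is an added example, not code from the ENS repository; the contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; SelectorInspector and its functions are hypothetical.
contract SelectorInspector {
    // Method ID: first four bytes of keccak256 over the canonical
    // signature, e.g. "transfer(address,uint256)".
    function selectorOf(string memory signature) public pure returns (bytes4) {
        return bytes4(keccak256(bytes(signature)));
    }

    // Number of leading zero bytes in a method ID (0 to 4).
    function leadingZeroBytes(bytes4 selector) public pure returns (uint8 n) {
        while (n < 4 && selector[n] == 0x00) {
            ++n;
        }
    }

    // True when signature `a` has the numerically lower method ID,
    // i.e. it sorts before `b` in the method ID table.
    function sortsBefore(string memory a, string memory b)
        external
        pure
        returns (bool)
    {
        return selectorOf(a) < selectorOf(b);
    }
}
```

Renaming a public or external function changes its method ID and therefore the contract's ABI, so every caller, interface and off-chain integration has to be updated together with the rename.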
