Platform: Code4rena
Start Date: 12/09/2022
Pot Size: $75,000 USDC
Total HM: 19
Participants: 110
Period: 7 days
Judge: HardlyDifficult
Total Solo HM: 9
Id: 160
League: ETH
Rank: 43/110
Findings: 2
Award: $117.87
Selected for report: 0
Solo Findings: 0
Selected for report: Lambda
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xDanielC, 0xNazgul, 0xSmartContract, 0xbepresent, Anth3m, Aymen0909, B2, CRYP70, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Funen, JC, JansenC, Jeiwan, KIntern_NA, MasterCookie, MiloTruck, Olivierdem, PaludoX0, R2, RaymondFam, ReyAdmirado, StevenL, The_GUILD, Tomo, Trust, V_B, __141345__, asutorufos, ayeslick, bin2chen, brgltd, bulej93, c3phas, cccz, ch0bu, cryptphi, csanuragjain, d3e4, delfin454000, djxploit, erictee, fatherOfBlocks, gogo, hansfriese, indijanc, ladboy233, leosathya, lukris02, malinariy, martin, pedr02b2, pfapostol, rvierdiiev, slowmoses, smiling_heretic, tnevler, wagmi
82.4415 USDC - $82.44
During the audit, 3 low and 3 non-critical issues were found.
# | Title | Risk Rating | Instance Count |
---|---|---|---|
L-1 | Storage variables can be packed tightly | Low | 6 |
L-2 | Check zero denominator | Low | 2 |
L-3 | Large number of elements may cause out-of-gas error | Low | 6 |
NC-1 | Order of Functions | Non-Critical | 5 |
NC-2 | Floating pragma | Non-Critical | 46 |
NC-3 | Missing NatSpec | Non-Critical | 74 |
According to docs, multiple, contiguous items that need less than 32 bytes are packed into a single storage slot if possible. It might be beneficial to use reduced-size types if you are dealing with storage values because the compiler will pack multiple elements into one storage slot, and thus, combine multiple reads or writes into a single operation.
Consider changing the order of the variables to, for example:

```solidity
uint40 duration;
uint96 maximumPrice;
uint16 splitBps;
address payable splitRecipient;
```
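An added illustration of the packing rule (example code, not from the audited contracts): the four field names follow the suggestion above, while the contract name, the three `uint256` fields and the two getters are constructed so that the slot count differs between the two orderings.

```solidity
// Added example, not part of the audited code base. The three uint256 fields are
// constructed to separate the small fields in the "before" layout.
pragma solidity 0.8.17;

contract StorageLayout {
    // Before: each small field is followed by a 32-byte field, so it can never share
    // a slot with its neighbour. 7 slots in total.
    struct Unpacked {
        uint40 duration;                // slot 0
        uint256 totalRaised;            // slot 1
        uint96 maximumPrice;            // slot 2
        uint256 deadline;               // slot 3
        uint16 splitBps;                // slot 4
        uint256 totalSplit;             // slot 5
        address payable splitRecipient; // slot 6
    }

    // After: the 32-byte fields come first and the small fields are contiguous.
    // duration (5) + maximumPrice (12) + splitBps (2) = 19 bytes share one slot;
    // the 20-byte address does not fit in the remaining 13 bytes and takes the next
    // slot. 5 slots in total.
    struct Packed {
        uint256 totalRaised;            // slot 0
        uint256 deadline;               // slot 1
        uint256 totalSplit;             // slot 2
        uint40 duration;                // slot 3, offsets 0..4
        uint96 maximumPrice;            // slot 3, offsets 5..16
        uint16 splitBps;                // slot 3, offsets 17..18
        address payable splitRecipient; // slot 4
    }

    Unpacked public unpacked;
    Packed public packed;

    // Reads three fields that live in three different slots: three SLOADs.
    function unpackedTerms() external view returns (uint40, uint96, uint16) {
        return (unpacked.duration, unpacked.maximumPrice, unpacked.splitBps);
    }

    // Reads the same three fields from a single slot: the optimizer can serve all
    // three from one SLOAD followed by shifts and masks.
    function packedTerms() external view returns (uint40, uint96, uint16) {
        return (packed.duration, packed.maximumPrice, packed.splitBps);
    }
}
```

Packing pays off when the fields that share a slot are read or written together, as in `packedTerms`. Writing one small field on its own still costs a read-modify-write of the whole slot, so fields that are updated in isolation can become more expensive after packing; the layout should follow the access pattern, not only the byte count.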
If the input parameter `totalVotingPower` is equal to zero, the division will cause the function call to fail.
Add a check to prevent the function call failure.
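An added illustration of the zero-denominator case (example code, not from the audited contracts): the parameter name `totalVotingPower` is the one cited in the finding; the contract, error and function names and the `1e18` scaling are constructed.

```solidity
// Added example, not part of the audited code base.
pragma solidity 0.8.17;

contract VotingShare {
    error ZeroTotalVotingPower();

    // Before: when totalVotingPower == 0 the division reverts with Panic(0x12), a
    // compiler-generated error that callers cannot tell apart from other arithmetic bugs.
    function shareUnchecked(uint256 votes, uint256 totalVotingPower)
        external pure returns (uint256)
    {
        return (votes * 1e18) / totalVotingPower;
    }

    // After: the zero case is rejected explicitly, with a descriptive error, before
    // the division is reached.
    function shareChecked(uint256 votes, uint256 totalVotingPower)
        external pure returns (uint256)
    {
        if (totalVotingPower == 0) revert ZeroTotalVotingPower();
        return (votes * 1e18) / totalVotingPower;
    }

    // Alternative when "no voting power at all" is a legitimate state rather than a
    // caller error: define the result for that state instead of reverting.
    function shareOrZero(uint256 votes, uint256 totalVotingPower)
        external pure returns (uint256)
    {
        if (totalVotingPower == 0) return 0;
        return (votes * 1e18) / totalVotingPower;
    }
}
```

Which of the two guarded forms is right depends on whether a zero total can legitimately occur (for example before any votes are cast); the explicit check makes that decision visible in the code instead of leaving it to the compiler's panic.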
Loops that do not have a fixed number of iterations, for example loops that depend on storage values, have to be used carefully: due to the block gas limit, transactions can only consume a certain amount of gas. Either explicitly or just through normal operation, the number of iterations in a loop can grow beyond the block gas limit, which can cause the complete contract to be stalled at a certain point.
Restrict the maximum number of elements.
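An added illustration of the unbounded-loop problem and the two mitigations named above, a cap on the number of elements and bounded batches (example code, not from the audited contracts): the contract, its storage, the `MAX_RECIPIENTS` value and the owner check are all constructed.

```solidity
// Added example, not part of the audited code base.
pragma solidity 0.8.17;

contract Accrual {
    uint256 public constant MAX_RECIPIENTS = 200; // cap value constructed for the example

    address public immutable owner;
    address[] public recipients;
    mapping(address => uint256) public owed;

    error NotOwner();
    error TooManyRecipients();
    error InvalidRange(uint256 start, uint256 end, uint256 length);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Mitigation 1: bound the array where it grows, so every loop over it has a
    // known worst case.
    function addRecipient(address recipient) external onlyOwner {
        if (recipients.length >= MAX_RECIPIENTS) revert TooManyRecipients();
        recipients.push(recipient);
    }

    // Before: one transaction touches every element. Each iteration writes storage
    // (SSTORE), so past some array length the call needs more gas than a block
    // provides and can never succeed; from then on the contract is stalled.
    function accrueAllUnbounded(uint256 amountEach) external onlyOwner {
        for (uint256 i = 0; i < recipients.length; i++) {
            owed[recipients[i]] += amountEach;
        }
    }

    // Mitigation 2: the caller processes the window [start, end), so each call does a
    // bounded amount of work whatever the array size. Combined with MAX_RECIPIENTS,
    // even a full sweep has a fixed upper bound.
    function accrueRange(uint256 start, uint256 end, uint256 amountEach) external onlyOwner {
        uint256 len = recipients.length;
        if (start >= end || end > len) revert InvalidRange(start, end, len);
        for (uint256 i = start; i < end; ++i) {
            owed[recipients[i]] += amountEach;
        }
    }
}
```

The range check in `accrueRange` rejects empty and out-of-bounds windows up front, so a caller gets a descriptive revert instead of an out-of-bounds panic partway through the loop.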
According to the Style Guide, ordering helps readers identify which functions they can call and find the constructor and fallback definitions more easily.
Functions should be grouped according to their visibility and ordered: constructor, receive function (if it exists), fallback function (if it exists), external, public, internal, private.
Reorder functions where possible.
Contracts should be deployed with the same compiler version they were tested with. This helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
All contracts.
According to SWC-103, the pragma version should be locked.
No NatSpec or any comments for 74 functions in 17 contracts.
Add NatSpec for all functions.
#0 - HardlyDifficult
2022-09-30T19:09:44Z
Selected for report: CertoraInc
Also found by: 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xNazgul, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, B2, Bnke0x0, CRYP70, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diraco, Fitraldys, Funen, IgnacioB, JAGADESH, JC, Lambda, LeoS, Matin, Metatron, MiloTruck, Noah3o6, Ocean_Sky, Olivierdem, PaludoX0, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Saintcode_, Sm4rty, SnowMan, StevenL, Tomio, Tomo, V_B, Waze, __141345__, ajtra, asutorufos, aysha, brgltd, bulej93, c3phas, ch0bu, d3e4, delfin454000, dharma09, djxploit, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, got_targ, ignacio, jag, karanctf, ladboy233, leosathya, lukris02, m_Rassska, malinariy, martin, natzuu, pashov, peanuts, peiw, pfapostol, prasantgupta52, robee, simon135, slowmoses, sryysryy, tnevler
35.4285 USDC - $35.43
During the audit, 6 gas issues were found.
# | Title | Instance Count |
---|---|---|
G-1 | Postfix increment | 1 |
G-2 | <>.length in loops | 10 |
G-3 | Initializing variables with default value | 9 |
G-4 | > 0 is more expensive than != 0 | 2 |
G-5 | x += y is more expensive than x = x + y | 9 |
G-6 | Using unchecked blocks saves gas | 12 |
Prefix increment costs less gas than postfix.
Consider using prefix increment where it is relevant.
Reading the length of an array at each iteration of the loop consumes extra gas.
Store the length of an array in a variable before the loop, and use it.
It costs gas to initialize integer variables with 0 or bool variables with false, but it is not necessary.
Remove initialization for default values.
For example:

```solidity
for (uint256 i; i < hadPreciouses.length; ++i) {
    // ...
}
```
`> 0` is more expensive than `!= 0`.
Use `!= 0` instead of `> 0`, where possible.
`x += y` is more expensive than `x = x + y`.
Use `x = x + y` instead of `x += y`.
Use `x = x - y` instead of `x -= y`.
In Solidity 0.8+, there's a default overflow and underflow check on unsigned integers. When an overflow or underflow isn't possible, some gas can be saved by using unchecked blocks.
Change:

```solidity
for (uint256 i; i < n; ++i) {
    // ...
}
```

to:

```solidity
for (uint256 i; i < n;) {
    // ...
    unchecked { ++i; }
}
```
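An added example that applies all six gas findings (G-1 to G-6) to one loop, with the original form beside the optimized one (example code, not from the audited contracts): `hadPreciouses` is the array name from the G-3 snippet above; the contract, the two functions and the count-and-sum logic are constructed.

```solidity
// Added example, not part of the audited code base.
pragma solidity 0.8.17;

contract GasPatterns {
    uint256[] public hadPreciouses;

    function push(uint256 value) external {
        hadPreciouses.push(value);
    }

    // Before: every pattern the gas report flags, in a single loop.
    function countAndSumBefore() external view returns (uint256, uint256) {
        uint256 count = 0;                                    // G-3: explicit default init
        uint256 sum = 0;
        for (uint256 i = 0; i < hadPreciouses.length; i++) {  // G-2: length read every iteration
                                                              // G-1: postfix increment
            if (hadPreciouses[i] > 0) {                       // G-4: > 0
                count += 1;                                   // G-5: x += y
                sum += hadPreciouses[i];
            }
        }
        return (count, sum);
    }

    // After: identical result, each pattern replaced.
    function countAndSumAfter() external view returns (uint256, uint256) {
        uint256 count;                                        // G-3: zero by default
        uint256 sum;
        uint256 len = hadPreciouses.length;                   // G-2: length cached once
        for (uint256 i; i < len; ) {
            uint256 value = hadPreciouses[i];                 // one storage read per element
            if (value != 0) {                                 // G-4: != 0
                count = count + 1;                            // G-5: x = x + y
                sum = sum + value;                            // stays checked: the sum can overflow
            }
            unchecked { ++i; }                                // G-1 + G-6: i < len, so ++i cannot overflow
        }
        return (count, sum);
    }
}
```

The `unchecked` block is deliberately limited to the counter, whose bound `i < len` rules out overflow; the running sum keeps the default check because its inputs are attacker-controllable storage values. Whether G-4 and G-5 still save gas depends on the compiler version and optimizer settings, so confirm each change with the project's own gas reporter rather than applying it blindly.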