Platform: Code4rena
Start Date: 14/09/2022
Pot Size: $50,000 USDC
Total HM: 25
Participants: 110
Period: 5 days
Judge: hickuphh3
Total Solo HM: 9
Id: 162
League: ETH
Rank: 53/110
Findings: 2
Award: $89.45
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Respx
Also found by: 0x1f8b, 0xDecorativePineapple, 0xNazgul, 0xPanas, 0xSmartContract, 0xc0ffEE, 0xmuxyz, Aymen0909, Bahurum, Bnke0x0, CodingNameKiki, Deivitto, Jeiwan, Lambda, Picodes, PwnPatrol, R2, RaymondFam, Rolezn, Ruhum, Saintcode_, SooYa, Tointer, V_B, ajtra, ak1, async, auditor0517, brgltd, c3phas, carrotsmuggler, cccz, csanuragjain, datapunk, djxploit, durianSausage, eierina, erictee, gogo, imare, joestakey, jonatascm, kv, ladboy233, leosathya, lukris02, oyc_109, pashov, pauliax, rbserver, robee, rokinot, rvierdiiev, scaraven, simon135, unforgiven, wagmi, zzzitron
36.6223 USDC - $36.62
During the audit, 7 non-critical issues were found.
№ | Title | Risk Rating | Instance Count |
---|---|---|---|
NC-1 | Scientific notation may be used | Non-Critical | 4 |
NC-2 | Constants may be used | Non-Critical | 7 |
NC-3 | Missing NatSpec | Non-Critical | 16 |
NC-4 | Open TODO | Non-Critical | 1 |
NC-5 | Inconsistent use of named return variables | Non-Critical | |
NC-6 | Public functions can be external | Non-Critical | 5 |
NC-7 | Commented code | Non-Critical | 6 |
For readability, it is better to use scientific notation.
Replace `10000` with `10e4`.
Constants may be used instead of literal values.
Define constant variables, especially for repeated values.
NatSpec is missing for 16 functions in 3 contracts.
Add NatSpec for all functions.
Resolve issues.
Some functions return named variables, others return explicit values.
For example:
If functions are not called by the contract where they are defined, they can be declared external.
Make public functions external, where possible.
Delete commented code.
#0 - HickupHH3
2022-11-05T15:31:21Z
While the main QA report contains only NCs, the 1 low issue is valid and is described non-generically, hence the satisfactory rating.
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, Deivitto, Diana, JAGADESH, KIntern_NA, Lambda, MiloTruck, R2, RaymondFam, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Samatak, Sm4rty, SnowMan, Tomio, Tomo, WilliamAmbrozic, _Adam, __141345__, ajtra, ak1, async, c3phas, ch0bu, cryptostellar5, d3e4, delfin454000, dharma09, djxploit, durianSausage, eierina, erictee, fatherOfBlocks, gianganhnguyen, gogo, ignacio, imare, jag, jonatascm, leosathya, lukris02, malinariy, oyc_109, pashov, pauliax, peanuts, peiw, prasantgupta52, robee, rokinot, rotcivegaf, rvierdiiev, seyni, simon135, slowmoses, sryysryy, tnevler, zishansami
52.8286 USDC - $52.83
During the audit, 7 gas issues were found.
Prefix increment costs less gas than postfix.
Consider using prefix increment where it is relevant.
Reading the length of an array at each iteration of the loop consumes extra gas.
Store the length of an array in a variable before the loop, and use it.
It costs gas to initialize integer variables with 0 or bool variables with false, but it is not necessary.
Remove initialization for default values.
For example:
```solidity
// i is left uninitialized on purpose: uint256 defaults to 0
for (uint256 i; i < array.length; ++i) {
    // ...
}
```
`> 0` is more expensive than `!= 0`.
Use `!= 0` instead of `> 0`, where possible.
`x += y` is more expensive than `x = x + y`.
Use `x = x + y` instead of `x += y`.
Use `x = x - y` instead of `x -= y`.
In Solidity 0.8+, there’s a default overflow and underflow check on unsigned integers. When an overflow or underflow isn’t possible, some gas can be saved by using unchecked blocks.
Change:
```solidity
for (uint256 i; i < n; ++i) {
    // ...
}
```
to:
```solidity
for (uint256 i; i < n;) {
    // ...
    unchecked { ++i; }
}
```
Using immutables is cheaper than storage-writing operations.
Use immutables where possible.
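The loop and immutable suggestions above, combined in one contract as an added example (not code from the audited project or from this report). The contract, function and variable names are hypothetical; only the loop counter is moved into `unchecked`, while arithmetic on user-influenced values stays checked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration; all names here are hypothetical.
contract LoopGasExample {
    // Written once in the constructor; later reads come from bytecode, not storage.
    uint256 public immutable feeBps;
    uint256[] private amounts;

    constructor(uint256 feeBps_, uint256[] memory amounts_) {
        feeBps = feeBps_;
        amounts = amounts_;
    }

    /// Baseline: storage length read on every iteration, explicit zero
    /// initialization, postfix increment, checked counter arithmetic.
    function totalFeesBaseline() external view returns (uint256 total) {
        for (uint256 i = 0; i < amounts.length; i++) {
            total += amounts[i] * feeBps / 10000;
        }
    }

    /// Same result with the report's loop suggestions applied.
    function totalFeesOptimized() external view returns (uint256 total) {
        uint256 len = amounts.length; // cached: one storage read for the length
        for (uint256 i; i < len;) {   // i defaults to 0
            // Kept checked: the product and the running sum depend on
            // stored values and can overflow, so a revert is wanted here.
            total = total + amounts[i] * feeBps / 10000;
            // The loop condition guarantees i < len <= type(uint256).max,
            // so ++i cannot wrap and the overflow check can be skipped.
            unchecked { ++i; }
        }
    }
}
```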
#0 - HickupHH3
2022-11-08T15:11:59Z
Immutables save quite a good chunk. Capped to 10k gas.