Back to millersplanet's contests

Caviar contest - millersplanet's results

A fully on-chain NFT AMM that allows you to trade every NFT in a collection.

General Information

Platform: Code4rena

Start Date: 12/12/2022

Pot Size: $36,500 USDC

Total HM: 8

Participants: 103

Period: 7 days

Judge: berndartmueller

Id: 193

League: ETH

Caviar

Findings Distribution

Researcher Performance

Rank: 78/103

Findings: 1

Award: $14.83

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCaviar

Findings Information

🌟 Selected for report: Rolezn

Also found by: 0x1f8b, 0xAgro, 0xSmartContract, 0xab00, 0xhacksmithh, Aymen0909, Bnke0x0, Breeje, Diana, HardlyCodeMan, IllIllI, JC, JrNet, Madalad, NoamYakov, RaymondFam, ReyAdmirado, SleepingBugs, UdarTeam, c3phas, carlitox477, cryptonue, gz627, lukris02, millersplanet, oyc_109, pavankv, ret2basic, saneryee, tnevler

Awards

14.833 USDC - $14.83

Labels

bug
G (Gas Optimization)
grade-b
G-06

External Links

Link to GitHub issue

[GAS] Redundant built-in safe arithmetics

Instances (4) : SafeERC20Namer.sol#13,22,33,39

Avoid unnecessary built-in safe arithmetics. In the following for loops, each increment is performed with bound-checks when they are entirely redundant :

SafeERC20Namer.sol#13:

for (uint256 j = 0; j < 32; j++) {
	bytes1 char = x[j];
	if (char != 0) {
		bytesString[charCount] = char;
		charCount++;
	}
}

SafeERC20Namer.sol#22:

for (uint256 j = 0; j < charCount; j++) {
        (...)
}

SafeERC20Namer.sol#33:

for (uint256 i = 32; i < 64; i++) {
        (...)
}

SafeERC20Namer.sol#39:

for (uint256 i = 0; i < charCount; i++) {
        (...)
}

Due to the inherent constraints of Solidity and the declaration of the variables, i and j are guaranteed to fit within a uint256 variable, meaning that performing a safe incrementation on each loop for the i and j variables are redundant and costly.

To optimize such code blocks, it's recommended to place the code implementation of the bytes32ToString and the parseStringData functions inside an unchecked code block, saving, for example, around 8000 gas in a 13 character string conversion:

SafeERC20Namer.sol#10-27:

function bytes32ToString(bytes32 x) private pure returns (string memory) {
	unchecked {
		bytes memory bytesString = new bytes(32);
			uint256 charCount = 0;
			for (uint256 j = 0; j < 32; j++) {
				bytes1 char = x[j];
				if (char != 0) {
					bytesString[charCount] = char;
					charCount++;
				}
			}
			bytes memory bytesStringTrimmed = new bytes(charCount);
			for (uint256 j = 0; j < charCount; j++) {
				bytesStringTrimmed[j] = bytesString[j];
			}
		return string(bytesStringTrimmed);
	}
}

SafeERC20Namer.sol#30-44:

function parseStringData(bytes memory b) private pure returns (string memory) {
	unchecked {
		uint256 charCount = 0;
		// first parse the charCount out of the data
		for (uint256 i = 32; i < 64; i++) {
			charCount <<= 8;
			charCount += uint8(b[i]);
		}

		bytes memory bytesStringTrimmed = new bytes(charCount);
		for (uint256 i = 0; i < charCount; i++) {
			bytesStringTrimmed[i] = b[i + 64];
		}
		return string(bytesStringTrimmed);
	}
}

#0 - c4-judge

2023-01-14T17:21:51Z

berndartmueller marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter