Back to nahnah's contests

JPEG'd contest - nahnah's results

Bridging the gap between DeFi and NFTs.

General Information

Platform: Code4rena

Start Date: 07/04/2022

Pot Size: $100,000 USDC

Total HM: 20

Participants: 62

Period: 7 days

Judge: LSDan

Total Solo HM: 11

Id: 107

League: ETH

JPEG'd

Findings Distribution

Researcher Performance

Rank: 58/62

Findings: 1

Award: $80.91

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryJPEG'd

Findings Information

🌟 Selected for report: Dravee

Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, Cityscape, Cr4ckM3, FSchmoede, Foundation, Funen, Hawkeye, IllIllI, JMukesh, Meta0xNull, PPrieditis, Picodes, TerrierLover, Tomio, WatchPug, berndartmueller, catchup, delfin454000, dirk_y, ellahi, hickuphh3, ilan, kebabsec, kenta, nahnah, rayn, rfa, robee, rokinot, saian, securerodd, slywaters, sorrynotsorry

Awards

80.9074 USDC - $80.91

Labels

bug
G (Gas Optimization)
sponsor acknowledged

External Links

Link to GitHub issue

GAS

1. repetition in the same boolean operation

summary

POC https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/NFTVault.sol#L699-L728

before '''

require( position.borrowType == BorrowType.NOT_CONFIRMED ||
    (position.borrowType == BorrowType.USE_INSURANCE && _useInsurance) ||
    (position.borrowType == BorrowType.NON_INSURANCE && !_useInsurance),
        "invalid_insurance_mode"
    );

if (position.borrowType == BorrowType.USE_INSURANCE || _useInsurance) {
	//some codes
}

if (position.borrowType == BorrowType.NOT_CONFIRMED) {
	//some codes
}

'''

after '''

bool isNotConfirmed =  position.borrowType == BorrowType.NOT_CONFIRMED;
bool isUseInsurance = position.borrowType == BorrowType.USE_INSURANCE;
bool isNotUseInsurance = position.borrowType == BorrowType.NON_INSURANCE;

require( isNotConfirmed  ||
    (isUseInsurance && _useInsurance) ||
    (isNotUseInsurance && !_useInsurance),
        "invalid_insurance_mode"
    );

if (isUseInsurance || _useInsurance) {
	//some code s
}

if (isNotConfirmed) {
	//some codes
}

'''

2. return the same address

summary

whether the nft is owned by this contract or not, it will return the same address. so that this conditional statement can be omitted to save gas

POC https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/helpers/CryptoPunksHelper.sol#L31

before '''

address account = ICryptoPunks(nftAddress).punkIndexToAddress(_idx);
return account == address(this) ? owner() : account;

'''

after '''

address account = ICryptoPunks(nftAddress).punkIndexToAddress(_idx);
return account;

'''

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter