Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 75/133
Findings: 2
Award: $40.83
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rotcivegaf
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, B2, Bahurum, Bnke0x0, Ch_301, CodingNameKiki, Deivitto, Diana, Funen, IllIllI, JC, JLevick, KIntern_NA, Lambda, OptimismSec, PaludoX0, RockingMiles, Rolezn, Sm4rty, Soosh, Tagir2003, Tointer, TomJ, Triangle, Trust, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, asutorufos, ayeslick, aysha, bbuddha, bharg4v, bobirichman, brgltd, bytera, c3phas, cryptostellar5, cryptphi, csanuragjain, datapunk, delfin454000, durianSausage, exd0tpy, gogo, got_targ, jag, joestakey, karanctf, ladboy233, leosathya, lukris02, mics, millersplanet, natzuu, neko_nyaa, obront, oyc_109, parashar, peritoflores, rbserver, ret2basic, rokinot, ronnyx2017, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, tnevler, yasir, yongskiws
28.0141 USDC - $28.01
In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
https://swcregistry.io/docs/SWC-103
frax-scope/ERC20PermitPermissionedMint.sol::2 => pragma solidity ^0.8.0; frax-scope/OperatorRegistry.sol::2 => pragma solidity ^0.8.0; frax-scope/frxETH.sol::2 => pragma solidity ^0.8.0; frax-scope/frxETHMinter.sol::2 => pragma solidity ^0.8.0; frax-scope/sfrxETH.sol::2 => pragma solidity ^0.8.0; frax-scope/xERC4626.sol::4 => pragma solidity ^0.8.0;
ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard.
It is therefore recommended to always either use OpenZeppelin's SafeERC20 library or at least to wrap each operation in a require statement.
To circumvent ERC20's approve functions race-condition vulnerability use OpenZeppelin's SafeERC20 library's safe{Increase|Decrease}Allowance functions.
In case the vulnerability is of no danger for your implementation, provide enough documentation explaining the reasonings.
frxETHToken.approve(address(sfrxETHToken), msg.value);
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami
12.8158 USDC - $12.82
Uninitialized variables are assigned with the types default value.
Explicitly initializing a variable with it's default value costs unnecessary gas.
for (uint i = 0; i < minters_array.length; i++){
for (uint256 i = 0; i < arrayLength; ++i) {
for (uint256 i = 0; i < times; ++i) {
for (uint256 i = 0; i < original_validators.length; ++i) {
for (uint256 i = 0; i < numDeposits; ++i) {
https://mudit.blog/solidity-tips-and-tricks-to-save-gas-and-reduce-bytecode-size/
++I COSTS LESS GAS COMPARED TO I++ OR I += 1 (SAME FOR --I VS I-- OR I -= 1)Pre-increments and pre-decrements are cheaper.
For a uint256 i variable, the following is true with the Optimizer enabled at 10k:
Increment:
i += 1 is the most expensive formi++ costs 6 gas less than i += 1++i costs 5 gas less than i++ (11 gas less than i += 1)Decrement:
i -= 1 is the most expensive formi-- costs 11 gas less than i -= 1--i costs 5 gas less than i-- (16 gas less than i -= 1)for (uint i = 0; i < minters_array.length; i++){
++I/I++ SHOULD BE UNCHECKED{++I}/UNCHECKED{I++} WHEN IT IS NOT POSSIBLE FOR THEM TO OVERFLOW, AS IS THE CASE WHEN USED IN FORAND WHILELOOPSThe unchecked keyword is new in solidity version 0.8.0, so this only applies to that version or higher, which these instances are. This saves 30-40 gas per loop
for (uint i = 0; i < minters_array.length; i++){
for (uint256 i = 0; i < arrayLength; ++i) {
for (uint256 i = 0; i < times; ++i) {
for (uint256 i = 0; i < original_validators.length; ++i) {
for (uint256 i = 0; i < numDeposits; ++i) {
<ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOPReading array length at each iteration of the loop consumes more gas than necessary.
In the best case scenario (length read on a memory variable), caching the array length in the stack saves around 3 gas per iteration. In the worst case scenario (external calls at each iteration), the amount of gas wasted can be massive.
Here, Consider storing the array’s length in a variable before the for-loop, and use this new variable instead:
for (uint i = 0; i < minters_array.length; i++){
for (uint256 i = 0; i < original_validators.length; ++i) {
> 0 COSTS MORE GAS THAN != 0 WHEN USED ON A UINT IN A REQUIRE() STATEMENTThis change saves 6 gas per instance
require(sfrxeth_recieved > 0, 'No sfrxETH was returned');
require(numDeposits > 0, "Not enough ETH in contract");
REQUIRE()/REVERT() STRINGS LONGER THAN 32 BYTES COST EXTRA GASEach extra memory word of bytes past the original 32 incurs an MSTORE which costs 3 gas
require(amount <= currentWithheldETH, "Not enough withheld ETH in contract");