Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 84/101
Findings: 1
Award: $39.65
Selected for report: 0
Solo Findings: 0
Selected for report: gzeon
Also found by: 0xPanda, 0xSmartContract, B2, Deivitto, Diana, JohnSmith, PaludoX0, Rahoz, RaymondFam, ReyAdmirado, Rolezn, Schlagatron, Secureverse, Tomio, __141345__, adriro, ajtra, aphak5010, c3phas, chaduke, codeislight, cryptonue, datapunk, dharma09, halden, karanctf, keccak123, oyc_109, pavankv, sakshamguruji, saneryee, unforgiven
39.6537 USDC - $39.65
code snippet:-
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L798
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L795
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L433
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L802
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L805
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L785
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L787
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L289
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L403
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/PxGmxReward.sol#L53
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L102
The unchecked keyword is new in Solidity version 0.8.0, so this only applies to that version or higher, which these instances are. This saves 30-40 gas per loop.
code snippet:-
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L163
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L351
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L396
It may not be obvious, but every time you copy a storage struct/array/mapping to a memory variable, you are literally copying each member by reading it from storage, which is expensive. And when you use the storage keyword, you are just storing a pointer to the storage, which is much cheaper.
code snippet:-
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L160
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L216
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L386
This results in the keccak operation being performed whenever the variable is used, increasing gas costs relative to just storing the output hash. Changing to immutable will only perform hashing on contract deployment which will save gas.
code snippet:-
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L9
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PxERC20.sol#L10
5. Mark functions as payable when users can't mistakenly send ETH:-
Functions marked as payable are 24 gas cheaper than their counterpart (in non-payable functions, Solidity adds an extra check to ensure msg.value is zero). When users can't mistakenly send ETH to a function (as an example, when there's an onlyOwner modifier or alike), it is safe to mark it as payable.
code snippet:-
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L300
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L63
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexFees.sol#L83
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L884
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L895
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L909
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexGmx.sol#L862
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L93
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L151
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L179
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L432
https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L461
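Added example, not part of the submission and not code from the audited repository: the unchecked loop counter and the storage-pointer points above, shown side by side in one loop. The contract, struct and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustration only; RewardLedger, Stream and both functions are hypothetical names.
contract RewardLedger {
    struct Stream {
        uint256 rate;
        uint256 lastUpdate;
        uint256 accrued;
    }

    Stream[] private streams;

    function addStream(uint256 rate) external {
        streams.push(Stream(rate, block.timestamp, 0));
    }

    // Baseline: `memory` copies every member of the struct out of storage
    // (three slot reads per element), the array length is re-read on each
    // iteration, and `i++` carries the 0.8.x overflow check.
    function totalRateBaseline() external view returns (uint256 total) {
        for (uint256 i = 0; i < streams.length; i++) {
            Stream memory s = streams[i];
            total += s.rate;
        }
    }

    // Optimized: `storage` is only a pointer, so just the `rate` slot is read,
    // the length is cached, and the counter increment skips the overflow check.
    function totalRateOptimized() external view returns (uint256 total) {
        uint256 len = streams.length;
        for (uint256 i = 0; i < len; ) {
            Stream storage s = streams[i];
            // Kept checked on purpose: a sum of caller-supplied rates can overflow.
            total += s.rate;
            unchecked {
                ++i; // safe: i < len, so i + 1 cannot exceed type(uint256).max
            }
        }
    }
}
```

Only the counter belongs in the `unchecked` block; arithmetic on values a caller controls should keep its overflow check. From Solidity 0.8.22 the compiler omits the counter check itself for loops of this shape, so the manual form only matters on older compiler versions.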
#0 - c4-judge
2022-12-05T14:37:19Z
Picodes marked the issue as grade-b
#1 - Picodes
2022-12-05T14:37:32Z
Please use better formatting for your submissions
#2 - c4-sponsor
2022-12-09T05:30:39Z
drahrealm marked the issue as sponsor disputed
#3 - drahrealm
2022-12-09T05:30:40Z
With the latest changes to the codebase (not reflected in the frozen codebase for audit here), some of the tips here are no longer beneficial, while others are considered minor relative to the added code complexity (aside from the fact that the target chains of the protocol are Arbitrum and Avalanche).