Cudos contest - rfa's results

Decentralised cloud computing for Web3.

General Information

Platform: Code4rena

Start Date: 03/05/2022

Pot Size: $75,000 USDC

Total HM: 6

Participants: 55

Period: 7 days

Judge: Albert Chon

Total Solo HM: 2

Id: 116

League: COSMOS


Researcher Performance

Rank: 50/55

Findings: 1

Award: $71.13

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

71.1343 USDC - $71.13

Labels

bug
G (Gas Optimization)

## GAS

Title: Initializing var with default value

Occurrences: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L54 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L231

Declaring the variable without setting its default value (0 for uint) can save deployment gas cost. Change to:

uint256 public state_lastValsetNonce;

And also for i inside for() loop: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L128 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L233 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L263 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L453 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L568 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L579 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L660

Title: Using prefix increment for i in a for() loop

Occurrences: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L128 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L233 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L263 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L282-L284 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L453 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L568 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L579 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L660

Using prefix increment and unchecked for i can save execution gas fee:

    for (uint256 i = 0; i < _users.length; ++i) {
        require(
            _users[i] != address(0),
            "User is the zero address"
        );
        whitelisted[_users[i]] = _isWhitelisted;
    }

Title: Using calldata to store array as a parameter

Occurrences: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L125 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L145-L149 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L220-L226

Storing a read-only array in calldata is more gas-efficient than using memory.

Title: Using && is not effective

Occurrence: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L411-L414

Instead of using the && operator, which costs 15 more gas per execution, using multiple require() statements is more effective. Change to:

    require(
        _amounts.length == _destinations.length,
        "Malformed batch of transactions"
    );
    require(
        _amounts.length == _fees.length,
        "Malformed batch of transactions"
    );

Title: Variable can be set to constant

https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/CosmosToken.sol#L5

Setting the MAX_UINT variable to constant can save gas on every cosmosERC20 deployment:

uint256 constant MAX_UINT = 2**256 - 1;

Title: Function visibility can be set to external

Occurrences: https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L124 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L140 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L144 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L166-L170 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L364 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L595 https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L611

These functions are never called in the contract. Instead of setting the visibility to public, setting it to external is more effective.

Title: Using += operator

https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L244

Change the code to:

cumulativePower += _currentPowers[i];

This can save gas.
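An added example, not part of rfa's submission or the Cudos code base: the whitelist loop from the prefix-increment item with the calldata, external, default-initialisation and unchecked suggestions applied together, next to a baseline. The contract and function names are hypothetical, and it assumes a Solidity 0.8+ compiler, which the `unchecked` block requires; the page does not state the contest's compiler version.

```solidity
// SPDX-License-Identifier: MIT
// Assumption: Solidity 0.8+, where arithmetic is checked by default and
// `unchecked` blocks exist. On earlier compilers `unchecked` does not compile.
pragma solidity ^0.8.4;

// Hypothetical contract modelled on the whitelist loop quoted in the report.
// Access control is left out of this sketch; a real whitelist setter needs it.
contract WhitelistGasExample {
    mapping(address => bool) public whitelisted;

    // Baseline: public + memory copies the array out of calldata, `i = 0`
    // is a redundant initialiser, and `i++` is overflow-checked every pass.
    function setWhitelistedBaseline(
        address[] memory _users,
        bool _isWhitelisted
    ) public {
        for (uint256 i = 0; i < _users.length; i++) {
            require(_users[i] != address(0), "User is the zero address");
            whitelisted[_users[i]] = _isWhitelisted;
        }
    }

    // Optimised: external + calldata reads elements in place, `i` relies on
    // its default value, and the increment skips the overflow check.
    function setWhitelisted(
        address[] calldata _users,
        bool _isWhitelisted
    ) external {
        for (uint256 i; i < _users.length; ) {
            address user = _users[i];
            // Input validation stays outside the unchecked block.
            require(user != address(0), "User is the zero address");
            whitelisted[user] = _isWhitelisted;

            // Safe only because the loop condition guarantees
            // i < _users.length <= type(uint256).max, so ++i cannot wrap.
            // Keep `unchecked` scoped to the counter: sums over caller-supplied
            // values (such as a cumulative power total) should stay checked.
            unchecked {
                ++i;
            }
        }
    }
}
```

Both functions leave `whitelisted` in the same state for the same input, so gas reports for the two calls can be compared directly.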
