ENS contest - robee's results

Assert instead require to validate user inputs

    From solidity docs: Properly functioning code should never reach a failing assert statement; if this happens there is a bug in your contract which you should fix.
    With assert the user pays the gas and with require it doesn't. The ETH network gas isn't cheap and users can see it as a scam.
    

Code instances:

    RRUtils.sol : reachable assert in line 21
    RRUtils.sol : reachable assert in line 51

Div by 0

Division by 0 can lead to accidentally revert, (An example of a similar issue - https://github.com/code-423n4/2021-10-defiprotocol-findings/issues/84)

Code instances:

    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/ethregistrar/StablePriceOracle.sol#L90 in some constellation in the future ethPrice might be 0 and you want to support it (instead of the current DOS)

Open TODOs

Open TODOs can hint at programming or architectural errors that still need to be fixed. These files has open TODOs:

Code instance:

Open TODO in DNSSECImpl.sol line 237 : // TODO: Check key isn't expired, unless updating key itself

Check transfer receiver is not 0 to avoid burned money

Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address.

Code instances:

    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/NameWrapper.sol#L600
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/NameWrapper.sol#L820
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/mocks/UpgradedNameWrapperMock.sol#L49
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/ERC1155Fuse.sol#L199
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/NameWrapper.sol#L230
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/NameWrapper.sol#L341
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/ERC1155Fuse.sol#L286
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/ERC1155Fuse.sol#L176
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/registry/ENSRegistry.sol#L65

Add a timelock

To give more trust to users: functions that set key/critical variables should be put behind a timelock.

Code instances:

    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/registry/ENSRegistry.sol#L86
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/wrapper/ERC1155Fuse.sol#L102

Two Steps Verification before Transferring Ownership

The following contracts have a function that allows them an admin to change it to a different address. If the admin accidentally uses an invalid address for which they do not have the private key, then the system gets locked. It is important to have two steps admin change where the first is announcing a pending new admin and the new address should then claim its ownership. A similar issue was reported in a previous contest and was assigned a severity of medium: code-423n4/2021-06-realitycards-findings#105

Code instances:

    ENSRegistry.sol
    DNSSECImpl.sol
    Ownable.sol
    ENSRegistryWithFallback.sol

Named return issue

Users can mistakenly think that the return value is the named return, but it is actually the actualreturn statement that comes after. To know that the user needs to read the code and is confusing. Furthermore, removing either the actual return or the named return will save gas.

Code instances:

    NameWrapper.sol, ownerOf
    AddrResolver.sol, addr
    EllipticCurve.sol, isZeroCurve
    DNSSECImpl.sol, validateSignedSet
    Multicallable.sol, multicall
    RRUtils.sol, readName

Not verified owner

    owner param should be validated to make sure the owner address is not address(0).
    Otherwise if not given the right input all only owner accessible functions will be unaccessible.
    
    

Code instances:

    NameWrapper.sol.setRecord owner
    BaseRegistrarImplementation.sol.reclaim owner

Solidity compiler versions mismatch

The project is compiled with different versions of solidity, which is not recommended because it can lead to undefined behaviors.

Not verified input

external / public functions parameters should be validated to make sure the address is not 0. Otherwise if not given the right input it can mistakenly lead to loss of user funds.

Code instances:

    ENSRegistry.sol.setApprovalForAll operator
    ERC1155ReceiverMock.sol.onERC1155Received operator
    TestResolver.sol.setAddr addr
    ERC1155Fuse.sol.safeBatchTransferFrom to

Require with empty message

The following requires are with empty messages. This is very important to add a message for any require. So the user has enough information to know the reason of failure.

Code instances:

    Solidity file: BaseRegistrarImplementation.sol, In line 152 with Empty Require message.
    Solidity file: BytesUtils.sol, In line 159 with Empty Require message.
    Solidity file: TestRegistrar.sol, In line 32 with Empty Require message.

Unnecessary cast

Code instance:

    address ReverseRegistrar.sol.setDefaultResolver - unnecessary casting address(resolver)

Unnecessary index init

In for loops you initialize the index to start from 0, but it already initialized to 0 in default and this assignment cost gas. It is more clear and gas efficient to declare without assigning 0 and will have the same meaning:

Code instances:

    ERC1155Fuse.sol, 92
    ERC1155Fuse.sol, 205
    EllipticCurve.sol, 304
    Multicallable.sol, 10

Unnecessary default assignment

Unnecessary default assignments, you can just declare and it will save gas and have the same meaning.

Code instances:

    RRUtils.sol (L#63) : uint constant RRSIG_TYPE = 0;
    RRUtils.sol (L#181) : uint constant DNSKEY_FLAGS = 0;
    RRUtils.sol (L#200) : uint constant DS_KEY_TAG = 0;

Use unchecked to save gas for certain additive calculations that cannot overflow

You can use unchecked in the following calculations since there is no risk to overflow:

Code instances:

    BaseRegistrarImplementation.sol (L#140) - require(expiries[id] + GRACE_PERIOD >= block.timestamp);
    BaseRegistrarImplementation.sol (L#124) - expiries[id] = block.timestamp + duration;
    BaseRegistrarImplementation.sol (L#97) - return expiries[id] + GRACE_PERIOD < block.timestamp;
    TestRegistrar.sol (L#34) - expiryTimes[label] = block.timestamp + registrationPeriod;
    BaseRegistrarImplementation.sol (L#136) - return block.timestamp + duration;
    BaseRegistrarImplementation.sol (L#134) - emit NameRegistered(id, owner, block.timestamp + duration); 
    BaseRegistrarImplementation.sol (L#122) - require(block.timestamp + duration + GRACE_PERIOD > block.timestamp + GRACE_PERIOD); 

Consider inline the following functions to save gas

You can inline the following functions instead of writing a specific function to save gas.
(see https://github.com/code-423n4/2021-11-nested-findings/issues/167 for a similar issue.)

Code instances

    StablePriceOracle.sol, _premium, { return 0; }
    EllipticCurve.sol, zeroAffine, { return (0, 0); }
    EllipticCurve.sol, zeroProj, { return (0, 1, 0); }
    BytesUtils.sol, readUint8, { return uint8(self[idx]); }

Change if -> revert pattern to require

Change if -> revert pattern to 'require' to save gas and improve code quality, if (some_condition) { revert(revert_message) }

to: require(!some_condition, revert_message)

In the following locations:

Code instances:

    ERC1155Fuse.sol, 310
    ERC1155Fuse.sol, 341

Do not cache msg.sender

We recommend not to cache msg.sender since calling it is 2 gas while reading a variable is more.

Code instances:

    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/registry/ReverseRegistrar.sol#L183
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/dnssec-oracle/Owned.sol#L16
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/root/Ownable.sol#L16
    https://github.com/code-423n4/2022-07-ens/tree/main/contracts/registry/ENSRegistry.sol#L31

Use != 0 instead of > 0

Using != 0 is slightly cheaper than > 0. (see https://github.com/code-423n4/2021-12-maple-findings/issues/75 for similar issue)

Code instances:

    SafeMath.sol, 30: change 'b > 0' to 'b != 0'
    EllipticCurve.sol, 340: change 'scalar > 0' to 'scalar != 0'

Short the following require messages

The following require messages are of length more than 32 and we think are short enough to short them into exactly 32 characters such that it will be placed in one slot of memory and the require function will cost less gas. The list:

Code instances:

    Solidity file: ERC1155Fuse.sol, In line 199, Require message length to shorten: 37, The message: ERC1155: transfer to the zero address
    Solidity file: ERC1155Fuse.sol, In line 249, Require message length to shorten: 33, The message: ERC1155: mint to the zero address

State variables that could be set immutable

In the following files there are state variables that could be set immutable to save gas.

Code instances:

    baseNode in BaseRegistrarImplementation.sol
    target in DummyProxyRegistry.sol
    old in ENSRegistryWithFallback.sol
    rootNode in FIFSRegistrar.sol
    ens in FIFSRegistrar.sol
    _uri in StaticMetadataService.sol
    ens in BaseRegistrarImplementation.sol

Unused state variables

Unused state variables are gas consuming at deployment (since they are located in storage) and are a bad code practice. Removing those variables will decrease deployment gas cost and improve code quality. This is a full list of all the unused storage variables we found in your code base.

Code instance:

    DNSSEC.sol, anchors

Caching array length can save gas

Caching the array length is more gas efficient. This is because access to a local variable in solidity is more efficient than query storage / calldata / memory. We recommend to change from:

for (uint256 i=0; i<array.length; i++) { ... }

to:

uint len = array.length  
for (uint256 i=0; i<len; i++) { ... }

Code instances:

    ERC1155Fuse.sol, accounts, 92
    ERC1155Fuse.sol, ids, 205
    Multicallable.sol, data, 10

Prefix increments are cheaper than postfix increments

Prefix increments are cheaper than postfix increments. Further more, using unchecked {++x} is even more gas efficient, and the gas saving accumulates every iteration and can make a real change There is no risk of overflow caused by increamenting the iteration index in for loops (the ++i in for (uint256 i = 0; i < numIterations; ++i)). But increments perform overflow checks that are not necessary in this case. These functions use not using prefix increments (++x) or not using the unchecked keyword:

Code instances:

    just change to unchecked: ERC1155Fuse.sol, i, 92
    change to prefix increment and unchecked: StringUtils.sol, len, 14
    change to prefix increment and unchecked: Multicallable.sol, i, 10
    change to prefix increment and unchecked: DNSSECImpl.sol, i, 93