ENS contest - samruna's results

Decentralised naming for wallets, websites, & more.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $75,000 USDC

Total HM: 16

Participants: 100

Period: 7 days

Judge: LSDan

Total Solo HM: 7

Id: 145

League: ETH

Researcher Performance

Rank: 88/100

Findings: 1

Award: $39.87

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. Using Expression for constant values

Expressions for constant values such as a call to keccak256(), should use immutable rather than constant.

Code:

- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/BaseRegistrarImplementation.sol#L18-30
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/LinearPremiumPriceOracle.sol#L14

Mitigation: Make the variables immutable

  2. Splitting require() statements that use && can save gas

https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L268

  3. Packed vs Unpacked structure

In Ethereum, you pay gas for every storage slot you use. A slot is 256 bits wide, and you can pack as many variables as will fit into it. Packing is done automatically by the Solidity compiler and optimizer; you just need to declare the packable variables consecutively.

Code:

- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L104
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L186
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L205
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L72-82

Mitigation: The above structure can be packed as

```solidity
struct SignedSet {
    uint8 algorithm;
    uint8 labels;
    uint16 typeCovered;
    uint16 keytag;
    uint32 ttl;
    uint32 expiration;
    uint32 inception;
    bytes signerName;
    bytes data;
    bytes name;
}
```
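How slot packing shows up in contract storage, as an added example that is not code from the ENS repository or from the report. `PackingDemo`, `Header`, `Interleaved`, `digest`, `end_` and all stored values are constructed for illustration; only the fixed-size field names are borrowed from the struct above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration (hypothetical contract, constructed values).
// Packing applies to storage slots. A struct held in memory uses a full
// 32-byte word per member regardless of declaration order.
contract PackingDemo {
    // Fixed-size fields in the order suggested above:
    // 1 + 1 + 2 + 2 + 4 + 4 + 4 = 18 bytes, so all seven share one slot.
    struct Header {
        uint8 algorithm;
        uint8 labels;
        uint16 typeCovered;
        uint16 keytag;
        uint32 ttl;
        uint32 expiration;
        uint32 inception;
    }

    // Constructed counter-example: a 32-byte member between two small ones
    // forces each member into its own slot.
    struct Interleaved {
        uint8 algorithm; // first slot of the struct
        bytes32 digest;  // second slot (fills a whole word)
        uint8 labels;    // third slot
    }

    Header private header;           // slot 0
    Interleaved private interleaved; // slots 1 to 3
    uint256 private end_;            // slot 4, marks where the structs end

    constructor() {
        header = Header(8, 2, 1, 0xBEEF, 3600, 200, 100);
        interleaved = Interleaved(8, bytes32(uint256(1)), 2);
    }

    // Raw 32-byte word holding every Header field (first field in the low byte).
    function rawHeaderSlot() external view returns (bytes32 word) {
        assembly { word := sload(header.slot) }
    }

    // Slots occupied by each struct, derived from compiler-assigned positions.
    function slotCounts() external view returns (uint256 headerSlots, uint256 interleavedSlots) {
        assembly {
            headerSlots := sub(interleaved.slot, header.slot)
            interleavedSlots := sub(end_.slot, interleaved.slot)
        }
    }
}
```

`slotCounts()` reports one slot for `Header` and three for `Interleaved`, which is the difference in storage writes paid when each struct is first populated.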

  4. Use of bytes32

Declaring variables of type bytes32 rather than byte is cheaper.

Code: https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L72-82

  5. Use of custom error

Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them.

Code references:

- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L12
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L146
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L159
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L172
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L185
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L199-200
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L235
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L262
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L268-270
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L307

Mitigation: Replace require with revert ERROR()

Mitigation: replace require with if (a != b) revert ERROR()
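The split-require suggestion and the custom-error mitigation above, combined in one added example that is not code from BytesUtils.sol or from the report. The library, function and error names, the `MAX_LEN` limit and the revert string are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; every identifier here is hypothetical.
library SliceChecks {
    // Custom errors are encoded as a 4-byte selector plus ABI-encoded
    // arguments, so the offending values reach the caller without any
    // revert string being stored in the bytecode.
    error OffsetOutOfBounds(uint256 offset, uint256 len, uint256 available);
    error SliceTooLong(uint256 len, uint256 maxLen);

    uint256 internal constant MAX_LEN = 52; // constructed limit

    // Before: two conditions joined with && behind one revert string.
    // A failure does not say which condition was violated.
    function checkBefore(bytes memory self, uint256 offset, uint256 len) internal pure {
        require(offset + len <= self.length && len <= MAX_LEN, "invalid slice");
    }

    // After: the conditions are tested separately, in the same order,
    // and each one reverts with its own error and the values involved.
    function checkAfter(bytes memory self, uint256 offset, uint256 len) internal pure {
        if (offset + len > self.length) {
            revert OffsetOutOfBounds(offset, len, self.length);
        }
        if (len > MAX_LEN) {
            revert SliceTooLong(len, MAX_LEN);
        }
    }
}

// Thin wrapper so both variants can be called and compared in a test.
contract SliceChecksHarness {
    function before_(bytes memory data, uint256 offset, uint256 len) external pure {
        SliceChecks.checkBefore(data, offset, len);
    }

    function after_(bytes memory data, uint256 offset, uint256 len) external pure {
        SliceChecks.checkAfter(data, offset, len);
    }
}
```

Callers and tests that match on the old revert string have to be updated to match the error selector instead, since the returned revert data changes.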

  6. Every variable assignment in Solidity costs gas. When initializing variables, we often waste gas by assigning default values that will never be used. A uint need not be initialized to 0, since its default value is 0.

Code:

- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L264
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L50
- https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/RRUtils.sol#L63

  7. Function visibility

Description: For all public functions, the input parameters are copied to memory automatically, and this costs gas. If your function is only called externally, you should explicitly mark it as external. An external function's parameters are not copied into memory but are read from calldata directly. This small optimization in your Solidity code can save you a lot of gas when the function input parameters are huge.

Code: the following functions should be declared external:

- DummyOracle.latestAnswer() (contracts/ethregistrar/DummyOracle.sol#14-16)
- Ownable.transferOwnership(address) (contracts/root/Ownable.sol#18-21)
- StaticMetadataService.uri(uint256) (contracts/wrapper/StaticMetadataService.sol#11-13)
- DNSSECImpl.setAlgorithm(uint8,Algorithm) (contracts/dnssec-oracle/DNSSECImpl.sol#58-61)
- DNSSECImpl.setDigest(uint8,Digest) (contracts/dnssec-oracle/DNSSECImpl.sol#69-72)
- Owned.setOwner(address) (contracts/dnssec-oracle/Owned.sol#18-20)
- ETHRegistrarController.commit(bytes32) (contracts/ethregistrar/ETHRegistrarController.sol#120-123)
- ETHRegistrarController.register(string,address,uint256,bytes32,address,bytes[],bool,uint32,uint64) (contracts/ethregistrar/ETHRegistrarController.sol#125-187)
- ETHRegistrarController.withdraw() (contracts/ethregistrar/ETHRegistrarController.sol#210-212)
- ENSRegistry.setResolver(bytes32,address) (contracts/registry/ENSRegistry.sol#86-89)
- ENSRegistry.setTTL(bytes32,uint64) (contracts/registry/ENSRegistry.sol#96-99)
- FIFSRegistrar.register(bytes32,address) (contracts/registry/FIFSRegistrar.sol#33-35)
- NameResolver.setName(bytes32,string) (contracts/registry/ReverseRegistrar.sol#9)
- ReverseRegistrar.setDefaultResolver(address) (contracts/registry/ReverseRegistrar.sol#53-59)
- ReverseRegistrar.claim(address) (contracts/registry/ReverseRegistrar.sol#67-69)
- ReverseRegistrar.claimWithResolver(address,address) (contracts/registry/ReverseRegistrar.sol#99-105)
- ReverseRegistrar.setName(string) (contracts/registry/ReverseRegistrar.sol#114-122)
- ReverseRegistrar.node(address) (contracts/registry/ReverseRegistrar.sol#150-155)
- TestRegistrar.register(bytes32,address) (contracts/registry/TestRegistrar.sol#31-36)
- DNSResolver.dnsRecord(bytes32,bytes32,uint16) (contracts/resolvers/profiles/DNSResolver.sol#90-92)
- DNSResolver.hasDNSRecords(bytes32,bytes32) (contracts/resolvers/profiles/DNSResolver.sol#99-101)
- DNSResolver.clearDNSZone(bytes32) (contracts/resolvers/profiles/DNSResolver.sol#107-110)
- Controllable.setController(address,bool) (contracts/root/Controllable.sol#18-21)
- TestNameEncoder.encodeName(string) (contracts/utils/TestNameEncoder.sol#9-15)
- ERC1155Fuse.balanceOfBatch(address[],uint256[]) (contracts/wrapper/ERC1155Fuse.sol#78-97)
- ERC1155Fuse.setApprovalForAll(address,bool) (contracts/wrapper/ERC1155Fuse.sol#102-114)
- ERC1155Fuse.safeTransferFrom(address,address,uint256,uint256,bytes) (contracts/wrapper/ERC1155Fuse.sol#169-183)
- ERC1155Fuse.safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) (contracts/wrapper/ERC1155Fuse.sol#188-232)
- NameWrapper.setMetadataService(IMetadataService) (contracts/wrapper/NameWrapper.sol#105-110)
- NameWrapper.uri(uint256) (contracts/wrapper/NameWrapper.sol#117-119)
- NameWrapper.setUpgradeContract(INameWrapperUpgrade) (contracts/wrapper/NameWrapper.sol#128-143)
- NameWrapper.wrapETH2LD(string,address,uint32,uint64,address) (contracts/wrapper/NameWrapper.sol#210-237)
- NameWrapper.wrap(bytes,address,address) (contracts/wrapper/NameWrapper.sol#295-325)
- NameWrapper.unwrapETH2LD(bytes32,address,address) (contracts/wrapper/NameWrapper.sol#335-346)
- NameWrapper.unwrap(bytes32,bytes32,address) (contracts/wrapper/NameWrapper.sol#356-365)
- NameWrapper.upgradeETH2LD(string,address,address) (contracts/wrapper/NameWrapper.sol#401-417)
- NameWrapper.upgrade(bytes32,string,address,address) (contracts/wrapper/NameWrapper.sol#429-447)
- NameWrapper.setRecord(bytes32,address,address,uint64) (contracts/wrapper/NameWrapper.sol#584-601)
- NameWrapper.setResolver(bytes32,address) (contracts/wrapper/NameWrapper.sol#609-616)
- NameWrapper.setTTL(bytes32,uint64) (contracts/wrapper/NameWrapper.sol#624-631)
- NameWrapper.onERC721Received(address,address,uint256,bytes) (contracts/wrapper/NameWrapper.sol#693-725)

Mitigation: Make the above functions external
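What the visibility change involves for a function that takes a large array, as an added example that is not code from the ENS contracts or from the report. `VisibilityDemo` and its three functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; contract and function names are hypothetical.
contract VisibilityDemo {
    // public + memory: the whole array is copied from calldata into memory
    // before the body runs, and the copy cost grows with ids.length.
    function sumPublic(uint256[] memory ids) public pure returns (uint256 total) {
        for (uint256 i; i < ids.length; ++i) {
            total += ids[i];
        }
    }

    // external + calldata: elements are read in place from the call data.
    // The saving comes from the calldata location of the reference-type
    // parameter. Value-type parameters such as address or bytes32 are
    // never copied to memory under either visibility.
    function sumExternal(uint256[] calldata ids) external pure returns (uint256 total) {
        for (uint256 i; i < ids.length; ++i) {
            total += ids[i];
        }
    }

    // Check before changing visibility: a public function can be called
    // internally by this contract and by derived contracts, while an
    // external one is only reachable through this.f(...), which is a
    // full message call.
    function sumBoth(uint256[] calldata ids) external view returns (uint256) {
        return sumPublic(ids) + this.sumExternal(ids);
    }
}
```

Before switching a function in the list to external, confirm that no contract in its inheritance tree calls it internally, since those calls stop compiling.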
