Cudos contest - simon135's results

Version of solidity under 8.0.0 prone to bugs https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/CosmosToken.sol#L1 Mitigation:use 0.8.0 and above

You can make the initialized variable not initialized bec its already 0 it wastes gas bec your sstore 25000 gas https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L54 Make functions on admin function payable it saves gas bec of not checking for msg.value = zero https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L124 Instead of using && in a require statement use multiple require statements to save gas https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L301 Make require string less than 32 bytes save gas https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L386 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L390 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L405 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L416 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L511 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L527

Use custom errors instead of revert string to save gas Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met) Source: Custom Errors in Solidity: Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them. Custom errors are defined using the error statement, which can be used inside and outside of contracts (including interfaces and libraries) https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L386 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L390 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L396 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L511 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L527 ++i costs less gas compared to i++ for unsigned integer, as pre-increment is cheaper (about 5 gas per iteration) i++ increments i and returns the initial value of i https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L579 https://github.com/code-423n4/2022-05-cudos/blob/4e08b7ba7c40252ac64fe4169f8a40622333ee63/solidity/contracts/Gravity.sol#L660