Platform: Code4rena
Start Date: 27/01/2022
Pot Size: $75,000 USDC
Total HM: 10
Participants: 26
Period: 7 days
Judge: pauliax
Total Solo HM: 5
Id: 81
League: ETH
Rank: 16/26
Findings: 3
Award: $426.35
🌟 Selected for report: 2
🚀 Solo Findings: 0
🌟 Selected for report: cmichel
Also found by: 0x1f8b, TomFrenchBlockchain, UncleGrandpa925, WatchPug, defsec, leastwood, pauliax, sirhashalot
sirhashalot
Chainlink's documentation listed the latestAnswer() function as deprecated. This function doesn't revert if no answer is available but returns 0, and the return value of latestanswer() is not checked in the Notional code. In fact, Chainlink removed their deprecated function documentation from their website but Internet Archive shows latestAnswer() was deprecated even in March 2021. Several past code4rena findings identify this finding as medium risk.
Line 176 of EIP1271Wallet.sol calls the deprecated Chainlink latestAnswer() function
Use Chainlink V3 API functions: https://docs.chain.link/docs/price-feeds-api-reference/
#0 - jeffywu
2022-02-06T15:10:31Z
Duplicate #178
#1 - pauliax
2022-02-12T12:14:23Z
A duplicate of #197
🌟 Selected for report: sirhashalot
175.6079 USDC - $175.61
sirhashalot
The sNOTE.sol _beforeTokenTransfer() function overrides the ERC20 _beforeTokenTransfer() function, but also calls super._beforeTokenTransfer(). This call to the parent function is unnecessary because no actions are performed, so it can be removed to save gas. This function call is probably placed here for consistency with the _afterTokenTransfer() function, but it is unnecessary with the current code (unlike the call in the _afterTokenTransfer() function)
Line 374 of sNOTE.sol calls super._beforeTokenTransfer(), which does not need to be called because it performs no actions.
Remove line 374 from sNOTE.sol to remove the super._beforeTokenTransfer() call
#0 - pauliax
2022-02-14T13:57:47Z
Valid suggestion.
🌟 Selected for report: sirhashalot
Also found by: Jujic
79.0235 USDC - $79.02
sirhashalot
Strings are broken into 32 byte chunks for operations. Revert error strings over 32 bytes therefore consume extra gas as documented publicly
There are multiple examples of this gas optimization opportunity, including but not limited to:
Reducing revert error strings to under 32 bytes decreases deployment time gas and runtime gas when the revert condition is met. Alternatively, the code could be modified to use custom errors, introduced in Solidity 0.8.4: https://blog.soliditylang.org/2021/04/21/custom-errors/
#0 - pauliax
2022-02-14T14:01:14Z
Technically valid optimization.