LI.FI contest - teryanarmen's results

1. Unlocked pragma in all contracts in scope should be fixed to 0.8.7 if that is the solidity compiler they were tested with to ensure contracts are not deployed with the wrong compiler version. Example

1. Functions visibility

• Summary: Functions visibility can be stricter.
• Details: The following functions have public visibility but are not called internally by the contract and thus can have a stricter visibility.
  1. startBridgeTokensViaAnyswap and swapAndStartBridgeTokensViaAnyswap
  2. startBridgeTokensViaAnyswap and swapAndStartBridgeTokensViaAnyswap
  3. swapTokensGeneric
  4. startBridgeTokensViaHop and swapAndStartBridgeTokensViaHop
  5. startBridgeTokensViaNXTP and swapAndStartBridgeTokensViaNXTP
  6. withdraw
• Github Permalinks:
  1. startBridgeTokenViaAnyswap, swapAndStartBridgeTokensViaAnyswap
  2. startBridgeTokensViaCBridge, swapAndStartBridgeTokensViaCBridge
  3. swapTokensGeneric
  4. startBridgeTokensViaHop, swapAndStartBridgeTokensViaHop
  5. startBridgeTokensViaNXTP, swapAndStartBridgeTokensViaNXTP
  6. withdraw
• Mitigation: Change the visibility for the mentioned functions from public to external

2. Unnecessary storage retrieval

• Summary: Storage values retrieved repeatedly in the same function can be cached to optimize gas usage.
• Details: In _startBridge, 6 storage calls are made that can be replaced by chaching 1 variables, reducing gas usage significantly. For example, _bridge(hopData.asset).token can be replaced by s.hopBridges[hopData.asset] where s is stored in memory.
• Github Permalinks: _startBridge, _bridge, and getStorage
• Mitigation: Output of getStorage can be cahced in memory and later calls to _bridge can be replaced with queries to the Storage struct saved in the cache.