Back to tofunmi's contests

Axelar Network v2 contest - tofunmi's results

Decentralized interoperability network.

General Information

Platform: Code4rena

Start Date: 29/07/2022

Pot Size: $50,000 USDC

Total HM: 6

Participants: 75

Period: 5 days

Judge: GalloDaSballo

Total Solo HM: 3

Id: 149

League: ETH

Axelar Network

Findings Distribution

Researcher Performance

Rank: 39/75

Findings: 2

Award: $88.01

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAxelar Network

Findings Information

🌟 Selected for report: oyc_109

Also found by: 0x1f8b, 0x52, 0xNazgul, 0xSmartContract, 0xf15ers, 8olidity, Aymen0909, Bnke0x0, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, IllIllI, JC, Lambda, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Twpony, Waze, Yiko, __141345__, ajtra, apostle0x01, ashiq0x01, asutorufos, bardamu, benbaessler, berndartmueller, bharg4v, bulej93, c3phas, cccz, ch13fd357r0y3r, codexploder, cryptonue, cryptphi, defsec, djxploit, durianSausage, fatherOfBlocks, gogo, hansfriese, horsefacts, ignacio, kyteg, lucacez, mics, rbserver, robee, sashik_eth, simon135, sseefried, tofunmi, xiaoming90

Awards

56.1273 USDC - $56.13

Labels

bug
QA (Quality Assurance)
edited-by-warden

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/xc20/contracts/XC20Wrapper.sol#L63

Vulnerability details

Any smart contract that uses transfer() or send() is taking a hard dependency on gas costs by forwarding a fixed amount of gas: 2300. My recommendation is to stop using transfer() and send() in your code and switch to using call() instead:

Affected Line

(bool success, ) = recipient.call{value:amt}("");
require(success, "Transfer failed.");
  • You can control the amount of gas instead of using transfer
    • Keep in mind to check whether the call was successful by validating the return value

#0 - re1ro

2022-08-05T03:25:12Z

Duplicate of #4

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0xNazgul, 0xsam, 8olidity, Aymen0909, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, JC, Lambda, MiloTruck, Noah3o6, NoamYakov, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, TomJ, Tomio, Waze, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, benbaessler, bharg4v, bulej93, c3phas, defsec, djxploit, durianSausage, erictee, fatherOfBlocks, gerdusx, gogo, kyteg, lucacez, medikko, mics, owenthurm, oyc_109, rbserver, robee, sashik_eth, simon135, tofunmi

Awards

31.8812 USDC - $31.88

Labels

bug
G (Gas Optimization)
sponsor acknowledged

External Links

Link to GitHub issue

Gas

  • use a more efficient loop, to save a significant amount of gas n your loops, by doing unchecked{++i;} at the end of the loop execution (even gas savings up to 1000 depending on the size)

  • for example

function effiecientLoop(uint256[] arr) public{
	. . . . 
	for(uint256 i = 0; i < arr.length;) {
		. . . . . 
		unchecked{
		  ++i;
		}
          }
   }
Affected lines for unefficient loops

#0 - re1ro

2022-08-05T03:24:57Z

Thank you. Good spot. Dup #2

#1 - GalloDaSballo

2022-08-23T01:12:28Z

300 gas

#2 - GalloDaSballo

2022-08-23T01:12:41Z

<img width="123" alt="Screenshot 2022-08-23 at 03 12 33" src="https://user-images.githubusercontent.com/13383782/186046554-1c6a6676-e61a-499b-947c-509e5f5e11d0.png"> Exactly btw, pretty funny
AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter