Platform: Code4rena
Start Date: 11/11/2021
Pot Size: $50,000 USDC
Total HM: 9
Participants: 27
Period: 7 days
Judge: alcueca
Total Solo HM: 5
Id: 53
League: ETH
Rank: 18/27
Findings: 2
Award: $448.06
Selected for report: 3
Solo Findings: 0
Selected for report: hyh
Also found by: MaCree, elprofesor, fatima_naz, gpersoon, gzeon, loop, palina, pauliax, pmerkleplant, xYrYuYx, ye0lde
xYrYuYx
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedFactory.sol#L85
delete will reset operators[i] as address(0), and the length of operators won't be reduced.
Manual
change that line to operators[i] = operators[operators.length - 1]; operators.pop()
#0 - maximebrugel
2021-11-19T14:07:15Z
Duplicated : #58
#1 - alcueca
2021-12-03T11:14:27Z
Using #220 instead
xYrYuYx
We can cache length of array before loop, to optimize gas.
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/OperatorResolver.sol#L45
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/OperatorResolver.sol#L56
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L108
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L125
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L227
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/MixinOperatorResolver.sol#L32
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/MixinOperatorResolver.sol#L48
Manual
Cache length
#0 - adrien-supizet
2021-11-19T11:11:03Z
duplicate #7
47.7068 USDC - $47.71
xYrYuYx
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedBuybacker.sol#L81
To optimize gas, we can change public to external if that function is not used internally.
Manual
Change to external
#0 - maximebrugel
2021-11-19T13:55:02Z
Duplicated : #72
Selected for report: xYrYuYx
106.015 USDC - $106.02
xYrYuYx
calldata uses less gas than memory in function arguments
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L124
Manual
Use calldata keyword in function argument instead of memory
#0 - maximebrugel
2021-11-19T11:27:35Z
Before => 286520 Gas After => 286358 Gas
Selected for report: xYrYuYx
106.015 USDC - $106.02
xYrYuYx
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedFactory.sol#L79
Add current index of operator in function call, and check if operators[index] == operator. If not, revert.
This will reduce gas.
Remove by setting specific index, and add checker with that index
#0 - maximebrugel
2021-11-19T14:09:15Z
Will change with #58
#1 - alcueca
2021-12-03T11:15:07Z
Different issue, though
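The removal pattern from this finding and from the earlier `delete operators[i]` finding, as an added example that is not taken from the Nested code base. The contract and function names are hypothetical, the `bytes32` element type is an assumption, and access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration only. Names are hypothetical, the bytes32 element type
// is an assumption, and owner-only access control is omitted for brevity.
contract OperatorListExample {
    bytes32[] public operators;

    function addOperator(bytes32 operator) external {
        require(operator != bytes32(0), "invalid operator");
        operators.push(operator);
    }

    // Pattern the first finding describes: `delete` zeroes the slot, but the
    // array keeps its length, so an empty entry is left behind.
    function removeWithDelete(bytes32 operator) external {
        uint256 len = operators.length; // length read once, outside the loop
        for (uint256 i = 0; i < len; i++) {
            if (operators[i] == operator) {
                delete operators[i];
                return;
            }
        }
        revert("nonexistent operator");
    }

    // Fix suggested across both findings: the caller passes the index, the
    // contract checks it, then the last element is moved into the freed slot
    // and the array is shortened. No loop, no gap; element order changes.
    function removeAt(bytes32 operator, uint256 index) external {
        uint256 len = operators.length;
        require(index < len, "index out of range");
        require(operators[index] == operator, "operator/index mismatch");
        operators[index] = operators[len - 1];
        operators.pop();
    }

    function count() external view returns (uint256) {
        return operators.length;
    }
}
```

After `removeWithDelete`, `count()` is unchanged and the removed slot reads as zero; after `removeAt`, `count()` drops by one. Code that depends on the order of `operators` must account for the swap.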
47.7068 USDC - $47.71
xYrYuYx
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedBuybacker.sol#L110
Since burnPercentage is less than 1000, toBurn is always less than balance.
So can use unchecked keyword to save gas.
Manual
Use unchecked keyword
#0 - adrien-supizet
2021-11-19T10:45:29Z
duplicate #173
Selected for report: xYrYuYx
Also found by: PierrickGT, loop, palina, pauliax
xYrYuYx
Add zero-address checkers before using those arguments
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L69
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/FeeSplitter.sol#L263
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedBuybacker.sol#L54-L56
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedBuybacker.sol#L68
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedBuybacker.sol#L75
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedFactory.sol#L44-L47
https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedFactory.sol#L75
Manual
Add zero-address checker
#0 - maximebrugel
2021-11-19T11:34:49Z
Duplicated : #83
#1 - alcueca
2021-12-03T10:41:34Z
Taking as main, since it is the most complete