CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
View results
Previous Next
Submission Details
Severity: gas

LQAG

0xackermann

LQAG Report

Contents:

Non Critical Issues

No. Issue
1 Tokens accidentally sent to the contract cannot be recovered
2 Use a more recent version of Solidity

[NC-01] Tokens accidentally sent to the contract cannot be recovered

Description:

It can't be recovered if the tokens accidentally arrive at the contract address, which has happened to many popular projects, so I recommend adding a recovery code to your critical contracts.

Recommendation:

Add this code:

/**
* @notice Sends ERC20 tokens trapped in contract to external address
* @dev Onlyowner is allowed to make this function call
* @param account is the receiving address
* @param externalToken is the token being sent
* @param amount is the quantity being sent
* @return boolean value indicating whether the operation succeeded.
*
*/
function rescueERC20(address account, address externalToken, uint256 amount) public onlyOwner returns (bool) {
IERC20(externalToken).transfer(account, amount);
return true;
}
}

[NC-02] Use a more recent version of Solidity

Description:

For security, it is best practice to use the latest Solidity version. For the security fix list in the versions: https://github.com/ethereum/solidity/blob/develop/Changelog.md

Recommendation:

Old version of Solidity is used , newer version can be used (0.8.21)

Lines of Code:

Gas Optimizations Report

No. Issue
1 Optimize names to save gas [22 gas per instance]
2 Comparison operators

[G-01] Optimize names to save gas [22 gas per instance]

Description:

Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions.

Recommendation:

Find a lower method ID name for the most called functions for example Call() vs. Call1() is cheaper by 22 gas. For example, the function IDs in the L1GraphTokenGateway.sol contract will be the most used; A lower method ID may be given.

Proof Of Concept:

https://medium.com/joyso/solidity-how-does-function-name-affect-gas-consumption-in-smart-contract-47d270d8ac92

Lines of Code:

[G-02] Comparison operators

Description:

In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Using strict comparison operators hence saves gas.

Recommendation:

Replace <= with <, and >= with >. Do not forget to increment/decrement the compared variable.

Lines of Code:

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.