LQAG
LQAG Report
Contents:
Low Risk Issues
| No. | Issue |
|---|---|
| 1 | Always use safeTransferFrom instead of transferFrom |
| 2 | Owner can renounce Ownership |
[L-01] Always use safeTransferFrom instead of transferFrom
Lines of Code:
[L-02] Owner can renounce Ownership
Description:
Typically, the contract’s owner is the account that deploys the contract. As a result, the owner is able to perform certain privileged activities.
The non-fungible Ownable used in this project contract implements renounceOwnership. This can represent a certain risk if the ownership is renounced for any other reason than by design. Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.
Lines of Code:
[L-03] onlyOwner functions
onlyOwner functions:
Non Critical Issues
| No. | Issue |
|---|---|
| 1 | Tokens accidentally sent to the contract cannot be recovered |
| 2 | Use a more recent version of Solidity |
[NC-01] Tokens accidentally sent to the contract cannot be recovered
Description:
It can't be recovered if the tokens accidentally arrive at the contract address, which has happened to many popular projects, so I recommend adding a recovery code to your critical contracts.
Recommendation:
Add this code:
Lines of Code:
[NC-02] Use a more recent version of Solidity
Description:
For security, it is best practice to use the latest Solidity version. For the security fix list in the versions: https://github.com/ethereum/solidity/blob/develop/Changelog.md
Recommendation:
Old version of Solidity is used , newer version can be used (0.8.21)
Lines of Code:
Gas Optimizations Report
[G-01] ++i/i++ should be unchecked{++i}/unchecked{i++} when it is not possible for them to overflow, as is the case when used in for-loop and while-loops
Description:
In Solidity 0.8+, there’s a default overflow check on unsigned integers. It’s possible to uncheck this in for-loops and save some gas at each iteration, but at the cost of some code readability, as this uncheck cannot be made inline.
Recommendation:
Using Solidity's unchecked block saves the overflow checks.
Proof Of Concept:
Lines of Code:
[G-02] Optimize names to save gas [22 gas per instance]
Description:
Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions.
Recommendation:
Find a lower method ID name for the most called functions for example Call() vs. Call1() is cheaper by 22 gas. For example, the function IDs in the L1GraphTokenGateway.sol contract will be the most used; A lower method ID may be given.
Proof Of Concept:
Lines of Code:
[G-03] Setting the constructor to payable [~13 gas per instance]
Lines of Code:
[G-04] Comparison operators
Description:
In the EVM, there is no opcode for >= or <=. When using greater than or equal, two operations are performed: > and =. Using strict comparison operators hence saves gas.
Recommendation:
Replace <= with <, and >= with >. Do not forget to increment/decrement the compared variable.
Lines of Code:
[G-05] <array>.length should not be looked up in every loop of a for-loop
Description:
The overheads outlined below are PER LOOP, excluding the first loop
-
storage arrays incur a Gwarmaccess (100 gas)
-
memory arrays use
MLOAD(3 gas) -
calldata arrays use
CALLDATALOAD(3 gas)
Caching the length changes each of these to a DUP<N> (3 gas), and gets rid of the extra DUP
Lines of Code:
[G-06] x += y costs more gas than x = x + y for state variables
Lines of Code:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.