Contents:
No. | Issue |
---|---|
1 | Always use safeTransferFrom instead of transferFrom |
2 | Owner can renounce Ownership |
safeTransferFrom
instead of transferFrom
Lines of Code:
Description:
Typically, the contract’s owner is the account that deploys the contract. As a result, the owner is able to perform certain privileged activities.
The non-fungible Ownable used in this project contract implements renounceOwnership
. This can represent a certain risk if the ownership is renounced for any other reason than by design. Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.
Lines of Code:
onlyOwner
functions:
No. | Issue |
---|---|
1 | Tokens accidentally sent to the contract cannot be recovered |
2 | Use a more recent version of Solidity |
Description:
It can't be recovered if the tokens accidentally arrive at the contract address, which has happened to many popular projects, so I recommend adding a recovery code to your critical contracts.
Recommendation:
Add this code:
Lines of Code:
Description:
For security, it is best practice to use the latest Solidity version. For the security fix list in the versions: https://github.com/ethereum/solidity/blob/develop/Changelog.md
Recommendation:
Old version of Solidity is used , newer version can be used (0.8.21)
Lines of Code:
Description:
In Solidity 0.8+, there’s a default overflow check on unsigned integers. It’s possible to uncheck this in for-loops and save some gas at each iteration, but at the cost of some code readability, as this uncheck cannot be made inline.
Recommendation:
Using Solidity's unchecked block saves the overflow checks.
Proof Of Concept:
Lines of Code:
Description:
Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions.
Recommendation:
Find a lower method ID
name for the most called functions for example Call() vs. Call1() is cheaper by 22 gas. For example, the function IDs in the L1GraphTokenGateway.sol contract will be the most used; A lower method ID may be given.
Proof Of Concept:
Lines of Code:
constructor
to payable
[~13 gas per instance]Lines of Code:
Description:
In the EVM, there is no opcode for >=
or <=
. When using greater than or equal, two operations are performed: >
and =
. Using strict comparison operators hence saves gas.
Recommendation:
Replace <=
with <
, and >=
with >
. Do not forget to increment/decrement the compared variable.
Lines of Code:
<array>.length
should not be looked up in every loop of a for-loopDescription:
The overheads outlined below are PER LOOP, excluding the first loop
storage arrays incur a Gwarmaccess (100 gas)
memory arrays use MLOAD
(3 gas)
calldata arrays use CALLDATALOAD
(3 gas)
Caching the length changes each of these to a DUP<N>
(3 gas), and gets rid of the extra DUP
Lines of Code:
x += y
costs more gas than x = x + y
for state variablesLines of Code:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.