Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: high

Invalid

[L-4] Lack of indexed parameters in events leads to inefficient and gas expensive event filtering

cyberethdev

[L-4] Lack of indexed parameters in events leads to inefficient and gas expensive event filtering

Description

Normal behaviour: Events should index up to 3 parameters that are commonly queried by the dAPP. Indexed parameters create topics that enable efficient 0(log n) filtering instead of 0(n) sacnning of all events.
Problematic behaviour: None of the contract's events include indexed parameters.

@> event NftListed(uint256 tokenId, address seller, uint256 minPrice, uint256 buyNowPrice);

@> event NftUnlisted(uint256 tokenId);

@> event BidPlaced(uint256 tokenId, address bidder, uint256 amount);

@> event AuctionExtended(uint256 tokenId, uint256 newDeadline);

@> event AuctionSettled(uint256 tokenId, address winner, address seller, uint256 price);

Risk

Likelihood: High

All events lack indexed parameters.

Impact: Low

The impact is low as it does not affect contract logic and functionality. However, it can significantly affect dAPP usability, off-chain querying costs and user friendliness when querying past data.

Proof of Concept

No proof of concept is required for this finding. It is included for informational / gas efficiency purposes.

Recommended Mitigation

To make event querying more efficient and reduce the filtering gas costs add indexed to event parameters that will be queried:

-event NftListed(uint256 tokenId, address seller, uint256 minPrice, uint256 buyNowPrice);

-event NftUnlisted(uint256 tokenId);

-event BidPlaced(uint256 tokenId, address bidder, uint256 amount);

-event AuctionExtended(uint256 tokenId, uint256 newDeadline);

-event AuctionSettled(uint256 tokenId, address winner, address seller, uint256 price);

+event NftListed(uint256 indexed tokenId, address indexed seller, uint256 minPrice, uint256 buyNowPrice);

+event NftUnlisted(uint256 indexed tokenId);

+event BidPlaced(uint256 indexed tokenId, address indexed bidder, uint256 amount);

+event AuctionExtended(uint256 indexed tokenId, uint256 newDeadline);

+event AuctionSettled(uint256 indexed tokenId, address indexed winner, address indexed seller, uint256 price);

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!