A collection of common security issues and possible gas optimizations in Solidity smart contracts

byterocket/c4-common-issues

c4-common-issues

This repository aims to provide a list of issues found regularly in Code4Rena contests.

Introduction

Code4Rena runs community-driven contests for smart contract audits in which wardens search for issues and judges allocate awards to wardens based on performance.

A current problem in the community is how to handle commonly found issues, as they increase the judges' workload.

This repo aims to identify common issues and provide background information.

The goal is for wardens to include the issue's identifier in a contest submission.

This would help judges mark the issues as duplicates and hopefully decrease their workload.

Gas Optimization Issues

| Identifier | Title |
|------------|-------|
| G001 | Don't Initialize Variables with Default Value |
| G002 | Cache Array Length Outside of Loop |
| G003 | Use != 0 instead of > 0 for Unsigned Integer Comparison |
| G004 | Remove Unused Variables |
| G005 | Make Variable constant/immutable |
| G006 | Use immutable for OpenZeppelin AccessControl's Roles Declarations |
| G007 | Long Revert Strings |
| G008 | Use Shift Right/Left instead of Division/Multiplication if possible |
| G009 | Make Function external instead of public |
| G010 | Make Function payable |
| G011 | Unnecessary checked arithmetic in for loop |
| G012 | Use Prefix Increment instead of Postfix Increment if possible |

Non-Critical Issues

| Identifier | Title |
|------------|-------|
| NC001 | Functions Mutating Storage Should Emit Events |

Low Risk Issues

| Identifier | Title |
|------------|-------|
| L001 | Unsafe ERC20 Operation(s) |
| L002 | FeeOnTransfer Tokens not Supported |
| L003 | Unspecific Compiler Version Pragma |
| L004 | Use Two-Step Transfer Pattern for Access Controls |
| L005 | Do not use Deprecated Library Functions |
| L006 | Check that Contract Exists before using solmate's SafeTransferLib |

Contribution

Any kind of contribution is highly welcome!

License

This work is licensed under a Creative Commons Attribution 4.0 International License.
