Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 71/147
Findings: 2
Award: $87.09
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3128 DAI - $54.31
[L01] A floating pragma is set.
There are contracts with a pragma >= 0.8.0. It is recommended to specify a fixed compiler version to ensure that the bytecode produced does not vary between builds. This is especially important if you rely on bytecode-level verification of the code.
Lock the pragma version.
IHeart.sol#L2 IOperator.sol#L2 IBondCallback.sol#L2
[L02] A mixed pragma is set.
There are contracts with version 0.8.15 and others with 0.8.0. Set the same pragma for the whole project.
Kernel.sol#L2 KernelUtils.sol#L2 INSTR.sol#L2 MINTR.sol#L2 TRSRY.sol#L2 RANGE.sol#L2 PRICE.sol#L2 VOTES.sol#L2 TreasuryCustodian.sol#L2 Operator.sol#L2 BondCallback.sol#L2 Heart.sol#L2 Governance.sol#L2 PriceConfig.sol#L2 VoterRegistration.sol#L2 IHeart.sol#L2 IOperator.sol#L2 IBondCallback.sol#L2
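Added example (not part of the submitted report or of the audited project): a small Python check for the two pragma findings above, reporting which files use a floating pragma and whether the code base mixes compiler constraints. The file contents in `SAMPLE_SOURCES` are constructed for illustration, and `audit_pragmas` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample sources (file name -> contents); not the audited repository's files.
SAMPLE_SOURCES = {
    "Kernel.sol": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity 0.8.15;\n",
    "Operator.sol": "/* policy */\npragma solidity 0.8.15;\ncontract Operator {}\n",
    "IHeart.sol": "pragma solidity >=0.8.0;\ninterface IHeart {}\n",
    "IOperator.sol": "pragma solidity >=0.8.0;\ninterface IOperator {}\n",
    "Lib.sol": "pragma solidity ^0.8.10;\nlibrary Lib {}\n",
    "NoPragma.sol": "contract X {}\n",
}

PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A fixed pragma is exactly one x.y.z version, optionally prefixed with "=".
FIXED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def strip_comments(src):
    """Drop block and line comments so a commented-out pragma is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", src)


def audit_pragmas(sources):
    """Return floating pragmas, files without a pragma, and whether constraints are mixed."""
    floating, missing = {}, []
    constraints = defaultdict(list)
    for name, src in sorted(sources.items()):
        match = PRAGMA_RE.search(strip_comments(src))
        if match is None:
            missing.append(name)
            continue
        constraint = " ".join(match.group(1).split())
        if FIXED_RE.match(constraint):
            constraint = constraint.lstrip("= ")  # "=0.8.15" and "0.8.15" are the same pin
        else:
            floating[name] = constraint  # ">=", "^", "~" or a range: compiler not pinned
        constraints[constraint].append(name)
    return {
        "floating": floating,
        "missing": missing,
        "constraints": dict(constraints),
        "mixed": len(constraints) > 1,  # more than one distinct constraint in the project
    }


if __name__ == "__main__":
    report = audit_pragmas(SAMPLE_SOURCES)
    for name, constraint in report["floating"].items():
        print(f"floating pragma in {name}: {constraint}")
    if report["mixed"]:
        print("mixed pragmas:", sorted(report["constraints"]))
```
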
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.7811 DAI - $32.78
1.- Post-increment / post-decrement costs more gas than pre-increment / pre-decrement. Modify the following statements: https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/utils/KernelUtils.sol#L49 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/utils/KernelUtils.sol#L64 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L488 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L670 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L686
2.- <array>.length should not be looked up in every loop of a for-loop. The overheads outlined below are PER LOOP, excluding the first loop. https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L278
3.- Greater or equal / lower or equal costs more gas than greater / lower. Switch the operators <= / >= to < / > and increment / decrement the variable accordingly: https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L210 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L211 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L216 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L217 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L486 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L667 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L683
4.- Greater than 0 costs more than != 0. Change the following statements: https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L247
5.- Variable1 += (-=) variable2 cost more gas than variable1 = Variable1 + (-) Variable2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L96 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L97 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L115 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L116 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L131 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L132 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L136 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L138 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L222 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/VOTES.sol#L56 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/VOTES.sol#L58 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/BondCallback.sol#L143 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/BondCallback.sol#L144 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Heart.sol#L103 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L194 
https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L198 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L252 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L254
6.- Instead of using public for constants, use private. It saves gas. https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/RANGE.sol#L65 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L59 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L89 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L121 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L124 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L127 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L130 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L133 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L137
7.- Do not compare boolean expressions with boolean literals https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L223 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L306
8.- Use of uints/ints smaller than 32 bytes (256 bits) incurs overhead https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/RANGE.sol#L45 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L44 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L47 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L50 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L53 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L56 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L59 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L84 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L87 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L127 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L161 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L185 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L83 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L86 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L89 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L371
https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L372 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L375 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L418 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L426 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L427 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L430 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L485 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L665 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L13 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L14 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L15 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L16 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L17 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L18 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L19 
https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L20 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L31 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L32 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L33
9.- Initializing variables with their default values is not required https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/Kernel.sol#L397 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/utils/KernelUtils.sol#L43 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/utils/KernelUtils.sol#L58
Assuming that uints smaller than 256 bits are updated to uint256: Operator.sol#L127 Operator.sol#L129 Operator.sol#403 Operator.sol#455
10.- Multiply/divide by two should use bit shift https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L372 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L419 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L420 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L427
11.- When a function parameter is only read, use calldata instead of memory. This can save gas. https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L205 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/TreasuryCustodian.sol#L53 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/BondCallback.sol#L152 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/PriceConfig.sol#L45
12.- Use a more recent version of solidity https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/Kernel.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/utils/KernelUtils.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/TRSRY.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/MINTR.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/RANGE.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/PRICE.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/VOTES.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/modules/INSTR.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/TreasuryCustodian.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Operator.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/BondCallback.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Heart.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/PriceConfig.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/Governance.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/VoterRegistration.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/interfaces/IBondCallback.sol#L2 
https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IHeart.sol#L2 https://github.com/code-423n4/2022-08-olympus/blob/277535739c465c75d37c33d706ab76365df2aade/src/policies/interfaces/IOperator.sol#L2