Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 198
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 164
League: ETH
Rank: 140/198
Findings: 1
Award: $18.92
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: AkshaySrivastav
Also found by: 0v3rf10w, 0x040, 0x1f8b, 0x4non, 0x5rings, 0x85102, 0xA5DF, 0xDecorativePineapple, 0xNazgul, 0xSky, 0xSmartContract, 0xbepresent, 0xf15ers, 0xmatt, 2997ms, Aeros, Aymen0909, B2, Bahurum, Bnke0x0, CertoraInc, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, Diraco, Dravee, ElKu, Funen, IllIllI, JC, JLevick, JohnSmith, JohnnyTime, KIntern_NA, Lambda, Margaret, MasterCookie, OptimismSec, RaymondFam, Respx, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, SooYa, StevenL, TomJ, Tomo, V_B, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, async, ayeslick, aysha, berndartmueller, bin2chen, bobirichman, brgltd, bulej93, c3phas, carrotsmuggler, cccz, ch13fd357r0y3r, chatch, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, dic0de, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, gogo, got_targ, hansfriese, ignacio, ikbkln, indijanc, innertia, joestakey, karanctf, ladboy233, leosathya, lukris02, martin, medikko, millersplanet, nalus, natzuu, neko_nyaa, neumo, obront, oyc_109, pcarranzav, peanuts, pedr02b2, pedroais, peiw, peritoflores, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, rokinot, romand, rotcivegaf, rvierdiiev, sach1r0, seyni, sikorico, slowmoses, sorrynotsorry, supernova, tibthecat, tnevler, ubermensch, yongskiws, zzykxx, zzzitron
18.9219 USDC - $18.92
Findings: SetAdmin Visibility Modifier should be marked External:
File: contracts/AccessProtected.sol - Line 39
Explanation:
Assuming setAdmin isn't being called within the contract AccessProtected.sol, the setAdmin visibility modifier should be marked external.
Findings: You should multiply before dividing. No zero checks for finalVestingDurationSecs
Code: Contract/VTVLVesting.sol - Line 176
Explanation: Given that Solidity works with integers, the following value would be truncated, leading to loss of precision.
Mitigation: In general, it's usually a good idea to re-arrange arithmetic to perform multiplication before division, unless the limit of a smaller type makes this dangerous.
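The truncation, the zero check and the smaller-type caveat from this finding, as an added Solidity example that is not code from VTVLVesting.sol. The contract name, function names, parameter names and the uint112/uint40 widths are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names and type widths are assumptions, not VTVLVesting.sol code.
contract LinearVestMathDemo {
    // Divide first: the remainder of amount / duration is discarded and the
    // truncated quotient is then scaled by elapsed, so the result under-counts.
    function divideFirst(uint112 amount, uint40 elapsed, uint40 duration)
        external pure returns (uint112)
    {
        require(duration != 0, "ZERO_DURATION"); // otherwise Panic(0x12) on division
        return (amount / duration) * elapsed;
    }

    // Multiply first in the operands' own width: uint112 * uint40 is evaluated
    // as uint112, so a large amount makes the checked multiplication revert.
    function multiplyFirstNarrow(uint112 amount, uint40 elapsed, uint40 duration)
        external pure returns (uint112)
    {
        require(duration != 0, "ZERO_DURATION");
        return (amount * elapsed) / duration;
    }

    // Multiply first in uint256: the product is below 2**152, so it cannot
    // overflow, and only one truncation happens, at the final division.
    function multiplyFirstWide(uint112 amount, uint40 elapsed, uint40 duration)
        external pure returns (uint112)
    {
        require(duration != 0, "ZERO_DURATION");
        if (elapsed > duration) elapsed = duration; // cap so the result fits uint112
        uint256 vested = (uint256(amount) * elapsed) / duration;
        return uint112(vested);
    }
}
```

With amount = 100, elapsed = 20 and duration = 30, divideFirst returns 60 while both multiply-first variants return 66.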
Findings: Multiple require statement
Code: contracts/VTVLVesting.sol - Line 343
Explanation: Splitting require() statements that use && saves gas
Findings: Costly loop, gas optimization initialize of -, ++i, run out of gas
Code: contract/VTVLVesting.sol - Line 353
Explanation: Costly operations inside a loop might waste gas, so optimizations are justified in _createClaimUnchecked.
Findings: No check for 0x00 address on mint
Code: VariableSupplyERC20Token.sol
Explanation: No check for the 0x00 address on mint would lead to tokens being essentially burned. However, given this is within the constructor and called once, this may not be viewed as a major vulnerability.
Mitigation: Add 0x00 require checks.
++i costs less gas compared to i++. Consider using ++{variable} instead of {variable}++.
There are 2 instances of this issue.
Consider using ++i instead of i++.
It is best practice to use constant variables rather than literal values to make the code easier to understand and maintain.
x += y costs more gas than x = x + y for state variables.
There are 4 instances of this issue.
Use x = x + y instead of x += y.
There is 1 instance of this issue.
A uint is initialised at 0. It costs more gas to initialise a variable at 0.
There is 1 instance of this issue.