Backd Tokenomics contest - 0xNazgul's results

Missing Equivalence Checks in Setters

Severity: Low Context: VestedEscrow.sol#L64-L72, VestedEscrow.sol#L74-L78

Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.

Recommendation: Add in the additional checks to validate if the new value being set is the same as the current value already set in the contract.

Missing Time locks

Severity: Low Context: Controller.sol#L62-L76

Description: None of the onlyOwner functions that change critical protocol addresses/parameters appear to have a time lock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and given them a chance to perform incident response.

Recommendation: Add a time lock to these functions for a time-delayed change to alert users and protect against possiable malicious changes by compromised owners(s).

Lack of Event Emission For Critical Functions

Severity: Low Context: Controller.sol#L33-L37, StakerVault.sol#L98-L102, StakerVault.sol#L197-L210, StakerVault.sol#L218-L235, AmmGauge.sol#L49-L54, InflationManager.sol#L58-L63, InflationManager.sol#L435-L438, InflationManager.sol#L446-L467, InflationManager.sol#L482-L489, KeeperGauge.sol#L57-L62, Minter.sol#L99-L102, Minter.sol#L104-L108, VestedEscrow.sol#L64-L72, VestedEscrow.sol#L74-L78

Description: Several functions update critical parameters that are missing event emission. These should be performed to ensure tracking of changes of such critical parameters.

Recommendation: Add events to functions that change critical parameters.

Max/Infinite Approvals are Dangerous

Severity: Low Context: RewardHandler.sol#L62-L65

Description: Giving max/infinite approvals to contracts are dangerous. Giving max/infinite approvals to contracts are dangerous because if those contracts are exploited then they can remove all the funds from the approving addresses.

Recommendation Check allowance and approve as much as required.

TODOs Left In The Code

Severity: Informational Context: InflationManager.sol#L532

Description: There should never be any TODOs in the code when deploying.

Recommendation: Finish the TODOs before deploying.

Spelling Errors

Severity: Informational Context: BkdLocker.sol#L173 (invlude => include), FeeBurner.sol#L29 (successfull => successful), FeeBurner.sol#L29 (Emmited => Emitted), FeeBurner.sol#L35 (Recieve => Receive), FeeBurner.sol#L84 (Transfering => Transferring)

Description: Spelling errors in comments can cause confusion to both users and developers.

Recommendation: Check all misspellings to ensure they are corrected.

Missing or Incomplete NatSpec

Severity: Informational Context: All Contracts

Description: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.

Recommendation: Add in full NatSpec comments for all functions to have complete code documentation for future use.

Catching The Array Length Prior To Loop

Context: RoleManager.sol#L75-L88, RewardHandler.sol#L35-L55, StakerVault.sol#L256-L263, FeeBurner.sol#L43-L88, InflationManager.sol#L110-L125 (For L116), VestedEscrow.sol#L89-L111, PoolMigrationZap.sol#L20-L29, PoolMigrationZap.sol#L38-L45

Description: One can save gas by caching the array length (in stack) and using that set variable in the loop. Replace state variable reads and writes within loops with local variable reads and writes. This is done by assigning state variable values to new local variables, reading and/or writing the local variables in a loop, then after the loop assigning any changed local variables to their equivalent state variables.

Recommendation: Simply do something like so before the for loop: uint length = variable.length. Then add length in place of variable.length in the for loop.

In require(), Use != 0 Instead of > 0 With Uint Values

Context: BkdLocker.sol#L90-L100 (For both), BkdLocker.sol#L133-L155 (For L137), AmmGauge.sol#L103-L116 (For L104), AmmGauge.sol#L124-L138 (For L125), KeeperGauge.sol#L125-L144 (For L140), VestedEscrow.sol#L80-L87 (For L84)

Description: In a require, when checking a uint, using != 0 instead of > 0 saves 6 gas. This will jump over or avoid an extra ISZERO opcode.

Recommendation: Use != 0 instead of > 0 with uint values but only in require() statements.

Setting The Constructor To Payable

Context: All Contracts

Description: You can cut out 10 opcodes in the creation-time EVM bytecode if you declare a constructor payable. Making the constructor payable eliminates the need for an initial check of msg.value == 0 and saves 21 gas on deployment with no security risks.

Recommendation: Set the constructor to payable.

Function Ordering via Method ID

Context: All Contracts

Description: Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions. One could use This tool to help find alternative function names with lower Method IDs while keeping the original name intact.

Recommendation: Find a lower method ID name for the most called functions for example mostCalled() vs. mostCalled_41q() is cheaper by 44 gas.