Back to 0xf15ers's contests

Yieldy contest - 0xf15ers's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 55/99

Findings: 2

Award: $80.04

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYieldy

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron

Awards

53.3348 USDC - $53.33

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

1. Return value is ignored

2. Add a guard check for epoch's endtime

  • While setting the Epoch's endtime, add a guard check require() for _firstEpochEndTime > block.timestamp to prevent unintended consequences.

3. Unused storage variable

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters

Awards

26.7051 USDC - $26.71

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

1. Individual require() is preferred in over multiple &&

  • In Staking.sol#L55-L63, intead of using && multiple times, mutliple require() can be used to save gas.

2. Change constants into immutable in YieldyStorage.sol

bytes32 public immutable ADMIN_ROLE = keccak256("ADMIN");
bytes32 public immutable MINTER_BURNER_ROLE = keccak256("MINTER_BURNER_ROLE");
bytes32 public immutable REBASE_ROLE = keccak256("REBASE_ROLE");

3. Making public functions not called internally can be made external to save gas

  • In Yieldy.sol, the visibility of balanceOf(), transfer(), transferFrom(), decimals() can be made external to save gas.
  • link

4. Using > 0 costs more gas than != 0 when used on a uint in a require() statement

  • In Staking.sol's stake(),instantUnstakeReserve(), instantUnstakeCurve()
function stake(uint256 _amount, address _recipient) public {
..............
       require(_amount > 0, "Must have valid amount");
       ...

5. Use solidity custom errors

solidity 0.8.4 introduces custom errors which are cheaper than using revert strings in terms of gas Use the custom error patterns to reduce gas cost.

for eg.


  // Before
  require(condition, "Revert strings");

  // After
  error CustomError();
  if (!condition) {
    revert CustomError();
  }

more details can be found here

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter