Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 49/96
Findings: 2
Award: $31.16
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: robee
Also found by: 0x007, 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xSmartContract, 8olidity, Awesome, B2, Bnke0x0, Chom, Diana, Dravee, JTJabba, Jeiwan, Josiah, Lambda, Mathieu, Picodes, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Ruhum, Sm4rty, Tricko, Trust, Waze, __141345__, a12jmx, adriro, ajtra, brgltd, c3phas, carlitox477, cccz, ch0bu, chaduke, chrisdior4, corerouter, cryptonue, csanuragjain, ctf_sec, cylzxje, delfin454000, dic0de, djxploit, horsefacts, imare, jayphbee, jwood, ktg, ladboy233, leosathya, lukris02, minhtrng, neko_nyaa, oyc_109, pashov, peritoflores, rbserver, rvierdiiev, shark, tnevler, yixxas
19.6449 USDC - $19.64
block.timestamp is unreliableUsing block.timestamp as part of the time checks could be slightly modified by miners/validators to favor them in contracts that contain logic heavily dependent on them.
Consider this problem and warn users that a scenario like this could occur. If the change of timestamps will not affect the protocol in any way, consider documenting the reasoning and writing tests enforcing that these guarantees will be preserved even if the code changes in the future.
There are 8 instances of this issue:
Line 229, Line 237, Line 319, Line 380, Line 426, Line 430, Line 463, Line 496
Stick to the proper spelling otherwise, it will make it decrease readability
There are 9 instances of this issue consider making the following changes:
Change "minmum" to "minimum" Line 523, Line 539, Line 558, Line 568
Change "protocalFeeRatio" to "protocolFeeRatio" Line 71
Change "reards" to "rewards" Line 339
Change "InequalArraySizes" to "UnequalArraySizes" Line 545
Change "taget" to "target" and "balacne" to "balance" Line 292
Change "Platfrom" to "Platform" Line 621-622
Consider sticking to using the CamelCase naming convention as it is highly recommended to follow these guidelines to help improve the readability of the source code for example:
Line 117: event PlatformFeeUpdated(uint256 oldfee, uint256 newFee);
Should be refactored to
Line 117: event PlatformFeeUpdated(uint256 oldFee, uint256 newFee);
#0 - kirk-baird
2022-11-12T00:23:43Z
block.timestamp issue is invalid in this case as boost rewards are gained per second
#1 - c4-judge
2022-11-12T00:24:04Z
kirk-baird marked the issue as grade-b
๐ Selected for report: c3phas
Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler
11.5153 USDC - $11.52
Instead of using the shorthand of addition/subtraction assignment operators (+=, -=)
it costs less to remove the shorthand ( x += y same as x = x+y ) saves ~22 gas
There are 3 instances of this issue:
as an example Line 445
Line 445: pledgeAvailableRewardAmounts[pledgeId] += totalRewardAmount;
could be refactored to
Line 445: pledgeAvailableRewardAmounts[pledgeId] = pledgeAvailableRewardAmounts[pledgeId] + totalRewardAmount;
public/external function names and public member variable names can be optimized to save gas. See this link for an example of how it works. Below are the interfaces/abstract contracts that can be optimized so that the most frequently-called functions use the least amount of gas possible during method lookup. Method IDs that have two leading zero bytes can save 128 gas each during deployment, and renaming functions to have lower method IDs will save 22 gas per call, per sorted position shifted
A function with access control marked as payable will be cheaper for legitimate callers: the compiler removes checks for msg.value, saving approximately 20 gas per function call.
There are 10 instances of this issue::
File: WardenPledge.sol
Line 541
File: WardenPledge.sol
Line 560
File: WardenPledge.sol
Line 570
File: WardenPledge.sol
Line 585
File: WardenPledge.sol
Line 599
File: WardenPledge.sol
Line 612
File: WardenPledge.sol
Line 625
File: WardenPledge.sol
Line 636
File: WardenPledge.sol
Line 643
File: WardenPledge.sol
Line 653
Solidity version 0.8+ comes with an implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isnโt possible, some gas can be saved by using an unchecked block. For example:
Line 445: pledgeAvailableRewardAmounts[pledgeId] += totalRewardAmount;
Line 445 could be refactored to
Line 445: unchecked { pledgeAvailableRewardAmounts[pledgeId] += totalRewardAmount; }
Storage Instead of Memory for Structs/Arrays Saves GasWhen fetching data from a storage location, assigning the data to a memory variable causes all fields of the struct/array to be read from storage, which incurs a Gcoldsload (2100 gas) for each field of the struct/array. If the fields are read from the new memory variable, they incur an additional MLOAD rather than a cheap stack read. Instead of declaring the variable with the memory keyword, declaring the variable with the storage keyword and caching any fields that need to be re-read in stack variables, will be much cheaper, only incurring the Gcoldsload for the fields actually read. The only time it makes sense to read the whole struct/array into a memory variable, is if the full struct/array is being returned by the function, is being passed to a function that requires memory, or if the array/struct is being read from another memory array/struct.
There are 2 instances of this issue:
#0 - c4-judge
2022-11-11T23:51:55Z
kirk-baird marked the issue as grade-b