Platform: Code4rena
Start Date: 30/11/2021
Pot Size: $30,000 USDC
Total HM: 0
Participants: 21
Period: 3 days
Judge: pauliax
Id: 63
League: ETH
Rank: 11/21
Findings: 2
Award: $78.50
🌟 Selected for report: 0
🚀 Solo Findings: 0
13.4097 USDC - $13.41
Czar102
Unneeded check in line 39 in PegExchanger:
require(msg.sender != address(this), "????");
msg.sender can't call any functions other than specified in the documentation. From empirical data, deleting this statement saves magically 46,654 gas for deployment!
Tools used: truffle, ganache
Recommended mitigation: Delete this require(...) statement.
#0 - pauliax (2021-12-10T15:56:47Z)
A duplicate of #71
Czar102
The variable preMergeCirculatingTribe is not marked constant, thus every read is very gas-inefficient. The deployment costs 16,014 gas more.
Tools used: slither, truffle, ganache
Recommended mitigation: Mark the variable constant.
#0 - elee1766 (2021-12-06T03:35:25Z)
#147
#1 - pauliax (2021-12-10T17:48:41Z)
A duplicate of #147
Czar102
Boolean variables should not be compared with other booleans.
PegExchanger.exchange(uint256) (contracts/PegExchanger.sol#36-45) compares to a boolean constant:
- require(bool,string)(isExpired() == false,Redemption period is over) (contracts/PegExchanger.sol#37)
PegExchanger.exchange(uint256) (contracts/PegExchanger.sol#36-45) compares to a boolean constant:
- require(bool,string)(isEnabled() == true,Proposals are not both passed) (contracts/PegExchanger.sol#38)
PegExchanger.setExpirationBlock(uint256) (contracts/PegExchanger.sol#101-115) compares to a boolean constant:
- require(bool,string)(isEnabled() == true,Contract must be enabled before admin functions called) (contracts/PegExchanger.sol#110-113)
TribeRagequit.ngmi(uint256,uint256,bytes32[]) (contracts/TRIBERagequit.sol#59-82) compares to a boolean constant:
- require(bool,string)(isExpired() == false,Redemption period is over) (contracts/TRIBERagequit.sol#64)
TribeRagequit.ngmi(uint256,uint256,bytes32[]) (contracts/TRIBERagequit.sol#59-82) compares to a boolean constant:
- require(bool,string)(isEnabled() == true,Proposals are not both passed) (contracts/TRIBERagequit.sol#65)
TribeRagequit.ngmi(uint256,uint256,bytes32[]) (contracts/TRIBERagequit.sol#59-82) compares to a boolean constant:
- require(bool,string)(verifyClaim(thisSender,key,merkleProof) == true,invalid proof) (contracts/TRIBERagequit.sol#68-71)
TribeRagequit.requery() (contracts/TRIBERagequit.sol#110-131) compares to a boolean constant:
- init == false (contracts/TRIBERagequit.sol#118)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality
Tools used: slither
Recommended mitigation: Delete " == true", and instead of " == false" negate the variable.
#0 - elee1766 (2021-12-06T03:33:57Z)
#160
#1 - pauliax (2021-12-10T18:25:09Z)
A duplicate of #160
Czar102
Three variables in requery() function return data are declared, but never used. This makes the deployment cost 3,679 gas more (calculated empirically).
Tools used: truffle, ganache
Recommended mitigation: Do not assign these return values to variables.
#0 - elee1766 (2021-12-06T04:42:15Z)
#157
#1 - pauliax (2021-12-11T09:28:10Z)
A duplicate of #159
Czar102
Functions exchange(uint256), setExpirationBlock(uint256), ngmi(uint256,uint256,bytes32[]), requery(), party0Accept(), party1Accept() (the last two in both contracts) are marked public, while they can be external. This uses more gas.
Tools used: slither
Recommended mitigation: Mark these functions external.
#0 - elee1766 (2021-12-06T03:05:47Z)
duplicate #27
#1 - pauliax (2021-12-11T10:44:11Z)
A duplicate of #27
19.8662 USDC - $19.87
Czar102
Usage of local variables (swaps, dups on stack) uses more gas than the CALLER opcode. Also, code is clearer when using msg.sender instead of a local variable.
Tools used: Manual analysis
Recommended mitigation: Use msg.sender instead of the local variable thisSender.
#0 - elee1766 (2021-12-06T04:28:46Z)
#99
#1 - pauliax (2021-12-11T12:00:35Z)
A duplicate of #99
13.4097 USDC - $13.41
Czar102
Function giveTo() in PegExchanger uses transferFrom(...), which reads the allowance of the contract, although it is not needed in this case. This theoretically uses more than 2000 additional gas compared to the transfer() function.
Recommended mitigation: Consider using the transfer() method instead of transferFrom(...).
#0 - elee1766 (2021-12-06T04:49:28Z)
#52
#1 - pauliax (2021-12-10T17:37:59Z)
A duplicate of #104
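A constructed Solidity illustration, added here and not the audited PegExchanger or TribeRagequit code, gathering the patterns from the findings above (the redundant self-call check, the non-constant variable, boolean literal comparisons, the thisSender local, public vs external, and transferFrom from the contract itself) in a "before" contract next to the recommended "after" form. The contract names, the minimal IERC20 interface and the 1e18 placeholder value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token interface; none of this is the audited project's code.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Before: the patterns the findings above flag, gathered in one contract.
contract ExchangeBefore {
    uint256 public preMergeCirculatingTribe = 1e18; // placeholder value; plain storage, SLOAD on every read
    IERC20 public immutable token;
    uint256 public expirationBlock;
    bool public enabled;

    constructor(IERC20 _token) {
        token = _token;
        _token.approve(address(this), type(uint256).max); // self-allowance, needed only because of transferFrom
    }
    function isExpired() public view returns (bool) { return block.number > expirationBlock; }

    function exchange(uint256 amount) public {                      // public, but never called internally
        require(msg.sender != address(this), "????");               // the contract never calls this on itself
        require(isExpired() == false, "Redemption period is over"); // compared against a boolean literal
        require(enabled == true, "Proposals are not both passed");
        address thisSender = msg.sender;                            // extra stack slot, DUPs instead of CALLER
        token.transferFrom(address(this), thisSender, amount);     // reads the allowance slot for no reason
    }
}

// After: the same behaviour with the recommended changes applied.
contract ExchangeAfter {
    uint256 public constant preMergeCirculatingTribe = 1e18; // constant: inlined at compile time, no SLOAD
    IERC20 public immutable token;
    uint256 public expirationBlock;
    bool public enabled;

    constructor(IERC20 _token) { token = _token; }
    function isExpired() public view returns (bool) { return block.number > expirationBlock; }

    function exchange(uint256 amount) external {                    // external: no internal entry point needed
        require(!isExpired(), "Redemption period is over");        // negate instead of == false
        require(enabled, "Proposals are not both passed");          // no == true
        token.transfer(msg.sender, amount);                        // CALLER used directly; no allowance access
    }
}
```

Compiling both with solc --optimize and comparing the deployment and call gas from a local node (as the findings did with truffle and ganache) shows the per-pattern savings; the behaviour of exchange() is unchanged.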