Platform: Code4rena
Start Date: 08/03/2023
Pot Size: $60,500 USDC
Total HM: 2
Participants: 123
Period: 7 days
Judge: hansfriese
Id: 220
League: ETH
Rank: 80/123
Findings: 1
Award: $29.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0x1f8b, 0x6980, 0xAgro, 0xSolus, 0xhacksmithh, 0xkazim, ABA, BPZ, BowTiedOriole, ChainReview, DadeKuma, DeFiHackLabs, Deathstore, DevABDee, Diana, Dravee, Dug, Englave, Go-Langer, Haipls, IceBear, Inspex, Jeiwan, Kek, Kresh, Madalad, MatricksDeCoder, MyFDsYours, RaymondFam, Rolezn, SAAJ, Sathish9098, Taloner, Udsen, Viktor_Cortess, atharvasama, ayden, brgltd, btk, carlitox477, catellatech, chaduke, codeislight, deadrxsezzz, descharre, erictee, fatherOfBlocks, favelanky, glcanvas, handsomegiraffe, jasonxiale, jekapi, joestakey, lemonr, luxartvinsec, martin, matrix_0wl, minhquanym, mrpathfindr, nadin, oyc_109, parsely, peanuts, pfedprog, rbserver, rokso, saian, santipu_, scokaf, slvDev, tsvetanovv, ubl4nk, ulqiorra, yamapyblack, zaskoh
29.6697 USDC - $29.67
citizenStatus.points = 100 * timelockMultiplier / _DIVISOR;
but _DIVISOR == 100
Fix:
citizenStatus.points = timelockMultiplier;
Functions for staking and claiming rewards are expensive (stake is around 13k), so if a holder wants to stake 2307 assets, he can't stake more (30 000 000 gas). All those operations will be expensive.
Paging? Or store some data off-chain?
https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1668
https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1205
4 is an impossible parameter.
There is no function for it, but it will pass this require.
if (uint8(_assetType) == 2 || uint8(_assetType) > 3)
(more gas efficient)
or
if (uint8(_assetType) == 2 || uint8(_assetType) >= 4)
and
if (uint8(_assetType) > 3) {
(more gas efficient)
or
if (uint8(_assetType) >= 4) {
string memory citizenCreditYield = getCreditYield( citizenId, citizenVaultId );
function getCreditYield ( uint256 _citizenId, uint256 _vaultId ) public view returns (string memory) {
Rename the names in the function as:
function getCreditYield ( uint256 _citizenId, uint256 _citizenVaultId ) public view returns (string memory) {
That function is called only once in the contracts.
#0 - c4-judge
2023-03-17T02:36:31Z
hansfriese marked the issue as grade-b
#1 - c4-sponsor
2023-03-21T00:40:28Z
TimTinkers marked the issue as sponsor confirmed