Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $50,000 USDC
Total HM: 31
Participants: 99
Period: 5 days
Judges: moose-code, JasoonS, denhampreen
Total Solo HM: 17
Id: 139
League: ETH
Rank: 47/99
Findings: 2
Award: $81.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron
53.3348 USDC - $53.33
LOW - Staking.sol (lines 84-87) duplicate code (no side effects)
LOW - BatchRequests.sol (lines 73-75) ponential contract lock for external applications using getAddresses, as "contracts" array size gets very large the trasaction will have an increased likelihood of timing out (ie revert).
LOW - LiquidityReserve.sol (lines 92-98) setFee fee range can potentially be 100%, meaning possible for owner to honeypot.
LOW - Yieldy.sol (line 95) if _totalSupply is very large and _profit != 0, rebase will always fail. This is possible since role(MINTER_BURNER_ROLE) has unlimited access to mint and burn.
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters
28.1525 USDC - $28.15
OPTIMIZATION - BatchRequests.sol (lines 19) sendWithdrawRequests - redundant test IStaking(contracts[i]).canBatchTransactions() is unnessicary since sendWithdrawlRequest already calls it. Becomes function sendWithdrawalRequests() external { uint256 contractsLength = contracts.length; for (uint256 i; i < contractsLength; ) { if ( contracts[i] != address(0)) { IStaking(contracts[i]).sendWithdrawalRequests(); } unchecked { ++i; } } }
OPTIMIZATION - BatchRequests.sol (all) contracts[] storage is more expensive to deploy and search is nessicary for changing data. Using mapping(address => bool) contracts makes more sense. Example contract revamp TBA
OPTIMIZATION - BatchRequests.sol (line 33) canBatchContract will save gas instantiating the value "batch" inside of the returns statement instead of a new variable: "returns(Batch[] memory batch)"
OPTIMIZATION - Staking.sol (lines 54-63) it's more efficent to not create a require statment than utilize the '&&' operator, write as: require(_stakingToken != address(0), "Invalid address"); require(_yieldyToken != address(0), "Invalid address"); require(_tokeToken != address(0), "Invalid address"); require(_tokePool != address(0), "Invalid address"); require(_tokeManager != address(0), "Invalid address"); require(_tokeReward != address(0), "Invalid address"); require(_liquidityReserve != address(0), "Invalid address");
OPTIMIZATION - Staking.sol lines(78-81) redundant if statement, already required _curvePool to be non-zero.
OPTIMIZATION - Staking.sol line(259-266) _isClaimAvailable will save gas instantiating the value "batch" inside of the returns statement instead of a new variable: "returns(Batch[] memory batch)"
#0 - toshiSat
2022-06-27T17:31:29Z
OPTIMIZATION - BatchRequests.sol (lines 19) sponsor confirmed
OPTIMIZATION - BatchRequests.sol (all) sponsor disputed - can't iterate over mapping
OPTIMIZATION - BatchRequests.sol (line 33) sponsor acknowledged
OPTIMIZATION - Staking.sol (lines 54-63) duplicate #305
OPTIMIZATION - Staking.sol lines(78-81) sponsor disputed, can't approve zero address
OPTIMIZATION - Staking.sol line(259-266) sponsor acknowledged