Platform: Code4rena
Start Date: 07/04/2022
Pot Size: $100,000 USDC
Total HM: 20
Participants: 62
Period: 7 days
Judge: LSDan
Total Solo HM: 11
Id: 107
League: ETH
Rank: 28/62
Findings: 2
Award: $262.15
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0x1f8b, 0xDjango, 0xkatana, AuditsAreUS, Cityscape, Foundation, Funen, Hawkeye, IllIllI, JC, JMukesh, Jujic, Kthere, PPrieditis, Picodes, Ruhum, TerrierLover, TrungOre, WatchPug, berndartmueller, catchup, cccz, cmichel, delfin454000, dy, ellahi, hickuphh3, horsefacts, hubble, hyh, ilan, jayjonah8, kebabsec, kenta, minhquanym, pauliax, rayn, reassor, rfa, robee, samruna
152.5804 USDC - $152.58
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/tokens/StableCoin.sol#L32
There was no emit transfer event used here.
## Tool Used
Manual Review
## Recommended Mitigation
Remove it or change it.
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/tokens/StableCoin.sol#L29
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/tokens/StableCoin.sol#L36
Since `account` can be changed by `to`, and there is no require that `account` can't be the zero address, it can be changed by using must have minter role to mint.
## Tool Used
Manual Review
## Recommended Mitigation
Change it.
Since `isContract()` checks `extcodesize`, this check can be bypassed. It would be better to use the logical check `msg.sender != tx.origin`.
## Tool Used
Manual Review
## POC
https://solidity-by-example.org/hacks/contract-size/
https://ethereum.stackexchange.com/questions/1891/whats-the-difference-between-msg-sender-and-tx-origin
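The two caller checks discussed in this finding, side by side, as an added example (not code from the JPEG'd repository or from the warden's report). The contract, modifier and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

/// Added example: contract and function names are hypothetical.
contract CallerGuardExample {
    mapping(address => uint256) public deposits;

    /// Code-size guard (what an isContract()-style check does).
    /// EXTCODESIZE returns 0 for an address whose constructor is still
    /// executing, so a call made from inside a constructor passes this check.
    modifier noContractByCodeSize() {
        require(msg.sender.code.length == 0, "contracts not allowed");
        _;
    }

    /// Origin guard. tx.origin is the account that originated the
    /// transaction, so a call relayed through a separately deployed
    /// contract has msg.sender != tx.origin and is rejected, including
    /// calls made from that contract's constructor.
    /// Trade-off: smart-contract wallets (e.g. multisigs) are rejected too.
    modifier onlyOriginCaller() {
        require(msg.sender == tx.origin, "caller must be tx.origin");
        _;
    }

    /// Guarded only by the code-size check.
    function depositWeak() external payable noContractByCodeSize {
        deposits[msg.sender] += msg.value;
    }

    /// Guarded by the origin check recommended in the finding.
    function depositStrict() external payable onlyOriginCaller {
        deposits[msg.sender] += msg.value;
    }
}
```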
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, Cityscape, Cr4ckM3, FSchmoede, Foundation, Funen, Hawkeye, IllIllI, JMukesh, Meta0xNull, PPrieditis, Picodes, TerrierLover, Tomio, WatchPug, berndartmueller, catchup, delfin454000, dirk_y, ellahi, hickuphh3, ilan, kebabsec, kenta, nahnah, rayn, rfa, robee, rokinot, saian, securerodd, slywaters, sorrynotsorry
109.5676 USDC - $109.57
`>` instead of `!=` for saving more gas
Using `>` can save more gas.
## Tool Used
Remix
## Recommendation Mitigation
Change it into `!=`.
This can be deleted to save more gas since it is unnecessary, and it can be a bug if the burn amount can be more than msg.sender had.
## Tool Used
Manual Review & Remix
Using `i++` instead of `++i`: for all the loops, the variable `i` is incremented using `i++`. It is known that using `++i` costs less gas per iteration than `i++`.
Remix
main/contracts/farming/LPFarming.sol#L348
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L145
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L231
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L319
`uint256 i = 0` into `uint i` for saving more gas
This implementation can save more gas for each loop.
## Tool Used
Manual Review & Remix
## Recommended Mitigation
Change it.
main/contracts/farming/LPFarming.sol#L348
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L145
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L231
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L319
This implementation can save more gas, since caching the array length is more gas efficient. This is because access to a local variable in Solidity is more efficient.
## Tool Used
Manual Review
## Occurrences
main/contracts/farming/LPFarming.sol#L348
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L145
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L231
main/contracts/vaults/yVault/strategies/StrategyPUSDConvex.sol#L319
`= 0`
If a variable is not set/initialized, it is assumed to have the default value of 0.
This implementation was used for saving more gas by removing `= 0`.
## Tools Used
Remix, Manual Review
## Mitigation Step
Remove `= 0`.
## Occurrences
contracts/farming/LPFarming.sol#L340
contracts/farming/LPFarming.sol#L357