Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 26/55
Findings: 2
Award: $226.38
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry
113.5998 USDC - $113.60
The library versions used and the version indicated in CosmoToken.sol are inconsistent: the libraries use OpenZeppelin v3 for Solidity versions ^0.8.0, whereas the contract uses version ^0.6.6.
Contracts should be deployed with the same compiler version and flags that they have been tested the most with. Locking the pragma helps ensure that contracts do not accidentally get deployed using, for example, the latest compiler which may have higher risks of undiscovered bugs. Contracts may also be deployed by others and the pragma indicates the compiler version intended by the original authors.
## Tool Used
Manual Review
## Recommended Mitigation
Maintain consistent versioning (compiler pragma and library versions) throughout the entire contract.
🌟 Selected for report: GermanKuber
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, AlleyCat, CertoraInc, Dravee, Funen, GimelSec, IllIllI, JC, MaratCerby, WatchPug, Waze, defsec, delfin454000, ellahi, gzeon, hake, hansfriese, ilan, jonatascm, nahnah, oyc_109, peritoflores, rfa, robee, simon135, slywaters, sorrynotsorry
112.7769 USDC - $112.78
`= 0`
Gas can be saved by removing the explicit `= 0`: a variable that is not set or initialized is assumed to have the default value 0, so the assignment does nothing useful.
## Tools Used
Manual Review
## Mitigation Step
Remove `= 0`.
All loops increment the counter with `i++`. It is known that `++i` costs less gas per iteration than `i++`.
## Tool Used
Manual Review
## Occurrences
Gravity.sol#L128 Gravity.sol#L233 Gravity.sol#L263 Gravity.sol#L453 Gravity.sol#L569 Gravity.sol#L579 Gravity.sol#L660
`uint256 i = 0`
Change `uint256 i = 0` to `uint256 i`: the counter already defaults to 0, so dropping the explicit initialization saves gas in every loop.
## Tool Used
Manual Review
## Recommended Mitigation
Change `uint256 i = 0` to `uint256 i`.
## Occurrences
Gravity.sol#L128 Gravity.sol#L233 Gravity.sol#L263 Gravity.sol#L453 Gravity.sol#L569 Gravity.sol#L579 Gravity.sol#L660
Caching the array length in a local variable before the loop saves gas, because reading a local variable in Solidity is cheaper than re-reading `.length` on every iteration.
## Tool Used
Manual Review
## Occurrences
Gravity.sol#L128 Gravity.sol#L233 Gravity.sol#L263 Gravity.sol#L453 Gravity.sol#L569 Gravity.sol#L579 Gravity.sol#L660
The `cumulativePower` accumulation can be made cheaper: instead of repeating the variable on both sides of the assignment, use `+=`.
## POC
https://www.tutorialspoint.com/solidity/solidity_operators.htm
## Tools Used
Manual Review, Remix
## Recommended Mitigation
Change:
cumulativePower = cumulativePower + _powers[i];
to:
cumulativePower += _powers[i];
## Another Occurrence
Gravity.sol#L244
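The four loop findings above (`i++` to `++i`, `uint256 i = 0` to `uint256 i`, cached array length, and `+=` for `cumulativePower`) all apply to the same kind of loop, so here is one added example showing a power-accumulation loop before and after those changes. This is illustrative code written for this page, not code from Gravity.sol or the Gravity Bridge project; the parameter names `_validators` and `_powers` follow the findings, while the contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Added example, not code from Gravity.sol or the Gravity Bridge project.
// It shows the power-accumulation loop discussed in the findings above, first
// as written there and then with all four suggested changes applied. The
// parameter names _validators and _powers follow the findings; the contract
// and function names are assumptions made for illustration.
pragma solidity ^0.8.0;

contract PowerLoopExample {
    // Before: explicit `= 0` initializations, `i++`, `.length` re-read on
    // every iteration, and the long form of the accumulation.
    function cumulativePowerBefore(address[] memory _validators, uint256[] memory _powers)
        external
        pure
        returns (uint256)
    {
        uint256 cumulativePower = 0;
        for (uint256 i = 0; i < _validators.length; i++) {
            cumulativePower = cumulativePower + _powers[i];
        }
        return cumulativePower;
    }

    // After: default zero values, `++i`, the length cached in a local
    // variable, and `+=` for the accumulation. Same result, fewer operations
    // per iteration.
    function cumulativePowerAfter(address[] memory _validators, uint256[] memory _powers)
        external
        pure
        returns (uint256)
    {
        uint256 cumulativePower;
        uint256 len = _validators.length;
        for (uint256 i; i < len; ++i) {
            cumulativePower += _powers[i];
        }
        return cumulativePower;
    }
}
```

Both functions return the same value for the same input; only the gas cost differs. To measure the saving for a specific compiler version and optimizer setting, compile both with the same settings and compare the gas reported by Remix or a gas reporter, since the exact difference depends on the compiler.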
Every reason string takes at least 32 bytes. Use short reason strings that fit in 32 bytes, otherwise they become more expensive.
## Tool Used
Manual Review
## Occurrences
Gravity.sol#L119 Gravity.sol#L256 Gravity.sol#L386 Gravity.sol#L492 Gravity.sol#L407 Gravity.sol#L496 Gravity.sol#L655 Gravity.sol#L668
The linked variables assigned in the constructor can be declared as immutable. Immutable state variables can be assigned during contract creation but remain constant throughout the lifetime of a deployed contract. A big advantage of immutable variables is that reading them is significantly cheaper than reading regular state variables, since they are not stored in storage.
## Tool Used
Manual Review
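The two findings above (reason strings longer than 32 bytes, and constructor-assigned variables that could be immutable) are shown together in this added example. It is illustrative code written for this page, not code from Gravity.sol or the Gravity Bridge project; the contract name, the `bridgeId` variables and the reason strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
// Added example, not code from Gravity.sol or the Gravity Bridge project.
// Shows a revert reason that fits in one 32-byte word versus one that needs
// two, and a value set once in the constructor declared immutable instead of
// as a regular state variable. All names here are assumptions for illustration.
pragma solidity ^0.8.0;

contract ImmutableExample {
    // Before: a regular storage variable, written once in the constructor but
    // read with a storage load on every access.
    bytes32 public bridgeIdStorage;

    // After: assigned in the constructor and embedded in the deployed bytecode,
    // so reads do not touch storage at all.
    bytes32 public immutable bridgeId;

    constructor(bytes32 _bridgeId) {
        bridgeIdStorage = _bridgeId;
        bridgeId = _bridgeId;
    }

    // Before: a 47-byte reason string, which is stored and ABI-encoded as two
    // 32-byte words.
    function checkBefore(bytes32 _id) external view {
        require(_id == bridgeIdStorage, "Submitted bridge id does not match stored value");
    }

    // After: an 18-byte reason string that fits in a single 32-byte word, and
    // a read of the immutable value instead of a storage load.
    function checkAfter(bytes32 _id) external view {
        require(_id == bridgeId, "Bridge id mismatch");
    }
}
```

The `public` getters are kept so that both variants can be inspected from a test or from Remix; compiling the contract and comparing the gas of `checkBefore` and `checkAfter` on the same input shows the combined effect of the shorter string and the immutable read.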