Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $50,000 USDC
Total HM: 31
Participants: 99
Period: 5 days
Judges: moose-code, JasoonS, denhampreen
Total Solo HM: 17
Id: 139
League: ETH
Rank: 60/99
Findings: 2
Award: $79.73
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron
53.1558 USDC - $53.16
1.) File : Staking.sol Line.155
@param _curvePool uint
In the actual code, _curvePool is an address.
2.) File : Yieldy.sol Line.180
@return bool - transfer succeeded
It can be changed to @return true if it was successful.
3.) File : Yieldy.sol Line.198-L221
@return true
1.) File : Staking.sol Line.410
// amount must be non zero
require(_amount > 0, "Must have valid amount"); // changed to "amount can't be zero"
2.) File : Staking.sol Lines.117-118
// cannot claim 0
require(_recipient.amount > 0, "Must enter valid amount"); // "recipient can't claim 0"
File : Staking.sol Lines.22-23
event LogSetWarmUpPeriod(uint256 indexed blockNumber, uint256 period);
event LogSetCoolDownPeriod(uint256 indexed blockNumber, uint256 period);
and emitted as:
emit LogSetCoolDownPeriod(block.number, _vestingPeriod);
It can be changed as follows:
event LogSetWarmUpPeriod(uint256 indexed blockNumber, uint256 vestingPeriod);
event LogSetCoolDownPeriod(uint256 indexed blockNumber, uint256 vestingPeriod);
Manual Review
Make sure, though, that you do not allow multiple initializations. For just a few parameters, simply add a check for each parameter. For many parameters, add an isInitialized boolean state variable:
contract MyContract {
    bool isInitialized = false;

    function initialize(
        uint256 _param1,
        uint256 _param2,
        uint256 _param3,
        address _param4,
        address _param5,
        bytes32 _param6,
        bytes32 _param7
    ) public {
        require(!isInitialized, 'Contract is already initialized!');
        isInitialized = true;
        param1 = _param1;
        ...
        param7 = _param7;
    }
}
Manual Review
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters
26.5713 USDC - $26.57
https://www.tutorialspoint.com/solidity/solidity_operators.htm
1.) File : Yieldy.sol Line.193
creditBalances[_to] = creditBalances[_to] + creditAmount;
changed to :
creditBalances[_to] += creditAmount;
2.) File : Yieldy.sol Line.217-218
creditBalances[_from] = creditBalances[_from] - creditAmount;
creditBalances[_to] = creditBalances[_to] + creditAmount;
changed to :
creditBalances[_from] -= creditAmount;
creditBalances[_to] += creditAmount;
3.) File : Yieldy.sol Line.252-255
creditBalances[_address] = creditBalances[_address] + creditAmount;
rebasingCredits = rebasingCredits + creditAmount;
_totalSupply = _totalSupply + _amount;
changed to :
creditBalances[_address] += creditAmount;
rebasingCredits += creditAmount;
_totalSupply += _amount;
4.) File : Yieldy.sol Line.288-291
creditBalances[_address] = creditBalances[_address] - creditAmount;
rebasingCredits = rebasingCredits - creditAmount;
_totalSupply = _totalSupply - _amount;
changed to :
creditBalances[_address] -= creditAmount;
rebasingCredits -= creditAmount;
_totalSupply -= _amount;
main/src/contracts/Staking.sol#L708
epoch.number++; //++epoch.number;
= 0
This code can save more gas by removing = 0, because if a variable is not set/initialized, it is assumed to have the default value of 0.
Manual Review
Remove = 0
main/src/contracts/Staking.sol#L714
epoch.distribute = 0;
main/src/contracts/Staking.sol#L543
amountLeft = 0;
> can be replaced with != for saving more gas
1.) File : Staking.sol Line.118
require(_recipient.amount > 0, "Must enter valid amount");
2.) File : Staking.sol Line.410
require(_amount > 0, "Must have valid amount");
3.) File : Staking.sol Line.572
require(_amount > 0, "Invalid amount");