Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 104/179
Findings: 2
Award: $56.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron
35.1687 USDC - $35.17
This comment does not match the actual code:
// uint256 tokenToEmit = dailyEmission * rewardToken.balanceOf()/
whereas the actual code is
uint256 tokenToEmit = (dailyEmission * (rewardToken.totalSupply() - rewardToken.balanceOf(address(ve)))) / rewardToken.totalSupply();
The comment could be changed to:
// uint256 tokenToEmit = (dailyEmission * (rewardToken.totalSupply() - rewardToken.balanceOf(address(ve)))) / rewardToken.totalSupply();
The function setMinter should validate that _minter is not the empty (0x0) address.
require(_minter != address(0), "!_minter");
The contracts use a floating pragma, ^0.8.11, so the compiler used can be any matching 0.8.x release. Consider locking the pragma to a specific version whenever possible and avoid a floating pragma in the final deployment, since it can be problematic if there are publicly disclosed bugs and issues that affect the compiler version used.
150_000_000
62_500_000
epoch += 1;
begiining
into beginning
Rather than using /// [MIT License]
it can be changed to:
// SPDX-License-Identifier: MIT
mgmtm
What it stands for can be stated above it or to its right.
🌟 Selected for report: JohnSmith
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xKitsune, 0xLovesleep, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Aymen0909, Bnke0x0, CRYP70, Chandr, Chinmay, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, Funen, GalloDaSballo, Green, IllIllI, JC, Jmaxmanblue, Junnon, Kaiziron, Kenshin, Krow10, Maxime, Migue, MiloTruck, Noah3o6, NoamYakov, Randyyy, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StyxRave, TomJ, Tomio, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, async, benbaessler, brgltd, c3phas, cRat1st0s, carlitox477, delfin454000, djxploit, durianSausage, ellahi, erictee, fatherOfBlocks, gerdusx, gogo, hyh, jayfromthe13th, jayphbee, joestakey, kaden, kenzo, kyteg, ladboy233, lucacez, m_Rassska, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, rfa, robee, rokinot, sach1r0, saian, samruna, sashik_eth, simon135, supernova, tofunmi, zuhaibmohd
21.3211 USDC - $21.32
Every reason string takes at least 32 bytes. Use short reason strings that fit in 32 bytes or it will become more expensive.
/contracts/governance/GolomToken.sol#L24 'GolomToken: only reward distributor can enable'
/contracts/governance/GolomToken.sol#L69 'GolomToken: wait for timelock'
/contracts/vote-escrow/VoteEscrowDelegation.sol#L73 'VEDelegation: Need more voting power'
/contracts/vote-escrow/VoteEscrowDelegation.sol#L99 'VVDelegation: Cannot stake more'
/contracts/rewards/RewardDistributor.sol#L181 'Can only claim for a single Address together'
/contracts/rewards/RewardDistributor.sol#L184 'cant claim for future epochs'
/contracts/rewards/RewardDistributor.sol#L185 'cant claim if already claimed'
/contracts/rewards/RewardDistributor.sol#L292 'RewardDistributor: time not over yet'
/contracts/rewards/RewardDistributor.sol#L309 'RewardDistributor: time not over yet'
= 0
This code can save more gas by removing = 0, because a variable that is not set/initialized is assumed to have the default value 0.
Files :
Custom errors, which can be used from Solidity 0.8.4, are cheaper than revert strings, both in deployment cost and in runtime cost when the revert condition is met.
https://blog.soliditylang.org/2021/04/21/custom-errors/
/contracts/governance/GolomToken.sol#L24
/contracts/governance/GolomToken.sol#L69
/contracts/vote-escrow/VoteEscrowDelegation.sol#L73
/contracts/vote-escrow/VoteEscrowDelegation.sol#L99
/contracts/rewards/RewardDistributor.sol#L181
/contracts/rewards/RewardDistributor.sol#L184
/contracts/rewards/RewardDistributor.sol#L185
/contracts/rewards/RewardDistributor.sol#L292
/contracts/rewards/RewardDistributor.sol#L309
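The zero-address check suggested for setMinter and the custom-error recommendation, side by side in one sketch. This is an added example, not code from the audited repository: the contract names, error names, the owner check and the enable function are hypothetical, and only the two revert strings are quoted from the findings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.11; // locked version, not a floating pragma

// Hypothetical contracts for illustration; only the quoted revert
// strings come from the findings listed above.

contract GateWithStrings {
    address public owner = msg.sender;
    address public minter;

    function setMinter(address _minter) external {
        require(msg.sender == owner, "!owner");
        // Reject the zero address so the minter role cannot be lost.
        require(_minter != address(0), "!_minter");
        minter = _minter;
    }

    function enable() external view {
        // Reason string longer than 32 bytes: it is stored in the
        // bytecode and ABI-encoded as Error(string) on revert.
        require(msg.sender == minter, "GolomToken: only reward distributor can enable");
    }
}

contract GateWithCustomErrors {
    error NotOwner();
    error ZeroAddress();
    // Reverts with a 4-byte selector plus one word of data.
    error NotMinter(address caller);

    address public owner = msg.sender;
    address public minter;

    function setMinter(address _minter) external {
        if (msg.sender != owner) revert NotOwner();
        if (_minter == address(0)) revert ZeroAddress();
        minter = _minter;
    }

    function enable() external view {
        if (msg.sender != minter) revert NotMinter(msg.sender);
    }
}
```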
Using 1e27 instead of 1000000000 can save more gas.
another file :
Use ++i rather than i++ to save more gas
In all the loops, the variable i is incremented using i++ instead of ++i. It is known that using ++i costs less gas per iteration than i++.
Manual Review
/contracts/rewards/RewardDistributor.sol#L143 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L157 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L180 for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {
/contracts/rewards/RewardDistributor.sol#L183 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L226 for (uint256 index = 0; index < epoch; index++) {
/contracts/rewards/RewardDistributor.sol#L258 for (uint256 index = 0; index < epoch; index++)
/contracts/rewards/RewardDistributor.sol#L273 for (uint256 index = 0; index < epoch; index++)
Change uint256 index = 0 into uint256 index to save more gas
Using this implementation can save more gas in each loop.
Manual Review
Change it
/contracts/rewards/RewardDistributor.sol#L143 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L157 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L180 for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {
/contracts/rewards/RewardDistributor.sol#L183 for (uint256 index = 0; index < epochs.length; index++) {
/contracts/rewards/RewardDistributor.sol#L226 for (uint256 index = 0; index < epoch; index++) {
/contracts/rewards/RewardDistributor.sol#L258 for (uint256 index = 0; index < epoch; index++)
/contracts/rewards/RewardDistributor.sol#L273 for (uint256 index = 0; index < epoch; index++)