Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $50,000 USDC
Total HM: 31
Participants: 99
Period: 5 days
Judges: moose-code, JasoonS, denhampreen
Total Solo HM: 17
Id: 139
League: ETH
Rank: 66/99
Findings: 2
Award: $79.72
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron
53.1414 USDC - $53.14
Information : L001 - Unsafe ERC20 Operation(s)
Staking.sol:471: IYieldy(YIELDY_TOKEN).transfer(
Migration.sol:48: IYieldy(OLD_YIELDY_TOKEN).transferFrom(
It is recommended to always use OpenZeppelin's SafeERC20 library.
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters
26.5777 USDC - $26.58
!= 0 will do the same as > 0 for unsigned integers, but != 0 costs less gas compared to > 0 for unsigned integers in require statements with the optimizer enabled.
Yieldy.sol:83: require(_totalSupply > 0, "Can't rebase if not circulating");
Yieldy.sol:96: require(rebasingCreditsPerToken > 0, "Invalid change in supply");
Staking.sol:118: require(_recipient.amount > 0, "Must enter valid amount");
Staking.sol:410: require(_amount > 0, "Must have valid amount");
Staking.sol:572: require(_amount > 0, "Invalid amount");
Staking.sol:604: require(_amount > 0, "Invalid amount");
It is recommended to replace > 0 with != 0, as they do the same thing for unsigned integers, and != 0 costs less gas compared to > 0 in require statements with the optimizer enabled. Also enable the optimizer.
For example :
Yieldy.sol:83: require(_totalSupply != 0, "Can't rebase if not circulating");
Uninitialized variables are assigned the default value of their type, so initializing a variable with its default value costs unnecessary gas.
Staking.sol:636: int128 from = 0;
Staking.sol:637: int128 to = 0;
It is recommended to initialize variables without assigning them the default value, for example :
Staking.sol:636: int128 from;
Prefix increment ++i returns the updated value after it's incremented, and postfix increment i++ returns the original value and then increments it. Prefix increment costs less gas compared to postfix increment.
Staking.sol:708: epoch.number++;
It is recommended to use prefix increment instead of postfix one when the return value is not needed, as both of them will give the same result and prefix increment costs less gas.
For example :
Staking.sol:708: ++epoch.number;
Public functions that are never called by the contract, such as unstakeAllFromTokemak(), should be declared external to save gas.
Staking.sol:370: function unstakeAllFromTokemak() public onlyOwner {
It is recommended to set the visibility of unstakeAllFromTokemak() to external, as it is never called by the contract, and external costs less gas compared to public.
For example :
Staking.sol:370: function unstakeAllFromTokemak() external onlyOwner {