Back to KoKo's contests

Paladin - Warden Pledges contest - KoKo's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 27/10/2022

Pot Size: $33,500 USDC

Total HM: 8

Participants: 96

Period: 3 days

Judge: kirk-baird

Total Solo HM: 1

Id: 176

League: ETH

Paladin

Findings Distribution

Researcher Performance

Rank: 88/96

Findings: 1

Award: $11.52

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPaladin

Findings Information

🌟 Selected for report: c3phas

Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler

Awards

11.5153 USDC - $11.52

Labels

bug
G (Gas Optimization)
edited-by-warden
grade-b
G-39

External Links

Link to GitHub issue

GAS ISSUES FOR 2022-10-PALADIN

[G-02] Make constant and immutable variables private instead of public

Description: Removes the getter function for this variable which saves gas. At the same time the variable get still be read from outside the contract

./contracts/WardenPledge.sol

L22:   uint256 public constant UNIT = 1e18;

L23:   uint256 public constant MAX_PCT = 10000;

L24:   uint256 public constant WEEK = 7 * 86400;

[G-03] If a function is not open to any user, it can be marked as payable to save gas

Description: Under the hood the compiler checks if a function is payable. The check is skipped if it is marked as such by the developer

./contracts/WardenPledge.sol

L560:  function addRewardToken(address token, uint256 minRewardPerSecond) external onlyOwner {

L570:  function updateRewardToken(address token, uint256 minRewardPerSecond) external onlyOwner {

L585:  function removeRewardToken(address token) external onlyOwner {

L599:  function updateChest(address chest) external onlyOwner {

L612:  function updateMinTargetVotes(uint256 newMinTargetVotes) external onlyOwner {

L625:  function updatePlatformFee(uint256 newFee) external onlyOwner {

L636:  function pause() external onlyOwner {

[G-04] != 0 comparison is cheaper than > 0

./contracts/WardenPledge.sol

L471:  if(remainingAmount > 0) {

L504:  if(remainingAmount > 0) {

[G-05] A=A+B costs less gas than A+=B if A and B are located in storage

./contracts/WardenPledge.sol

L268:  pledgeAvailableRewardAmounts[pledgeId] -= rewardAmount;

L340:  pledgeAvailableRewardAmounts[vars.newPledgeID] += vars.totalRewardAmount;

L401:  pledgeAvailableRewardAmounts[pledgeId] += totalRewardAmount;

[G-06] Mark contract constants with the constant and immutable keywords to save gas

./contracts/WardenPledge.sol

L60:   IVotingEscrow public votingEscrow;

L62:   IBoostV2 public delegationBoost;

[G-07] Cache variables that are read multiple times in a single fuction or loop

./contracts/WardenPledge.sol

L240:  delegationBoost.checkpoint_user(user);
L241:  if(delegationBoost.allowance(user, address(this)) < amount) revert Errors.InsufficientAllowance();
L242:  if(delegationBoost.delegable_balance(user) < amount) revert Errors.CannotDelegate();
L245:  if(delegationBoost.adjusted_balance_of(pledgeParams.receiver) + amount > pledgeParams.targetVotes) revert Errors.TargetVotesOverflow();
L248:  delegationBoost.boost(

#0 - c4-judge

2022-11-12T01:00:05Z

kirk-baird marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter