Golom contest - Rohan16's results

An NFT marketplace that offers the lowest industry fee, a publicly available order-book along with analytical tools.

General Information

Platform: Code4rena

Start Date: 26/07/2022

Pot Size: $75,000 USDC

Total HM: 29

Participants: 179

Period: 6 days

Judge: LSDan

Total Solo HM: 6

Id: 148

League: ETH

Golom

Findings Distribution

Researcher Performance

Rank: 110/179

Findings: 2

Award: $56.49

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Golom

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron

Awards

35.1687 USDC - $35.17

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

1. REMOVE COMMENTED OUT CODE

Instances

//Links to githubfile

// function removeDelegationByOwner(uint256 delegatedTokenId, uint256 ownerTokenId) external {

2.USE A MORE RECENT VERSION OF SOLIDITY

There are many function which are not compatible to run in version less than pragma solidity 0.8.12 ., So try to use updated version of solidity

Instances

//Links to githubfile

https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#L2 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowDelegation.sol#L2 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/rewards/RewardDistributor.sol#L2 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L3 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L2 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/TokenUriHelper.sol#L3

contracts/governance/GolomToken.sol:2:               pragma solidity ^0.8.11;
contracts/vote-escrow/VoteEscrowDelegation.sol:2:               pragma solidity 0.8.11;
contracts/rewards/RewardDistributor.sol:2:               pragma solidity 0.8.11;
contracts/core/GolomTrader.sol:3:               pragma solidity 0.8.11;
contracts/vote-escrow/VoteEscrowCore.sol:2:            pragma solidity 0.8.11;
contracts/vote-escrow/TokenUriHelper.sol:3:             pragma solidity 0.8.11;

3. USE OF FLOATING PRAGMA

Recommend using fixed solidity version

Instances

// Links to githubfile https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#L2

// actual codes 
contracts/governance/GolomToken.sol:2:               pragma solidity ^0.8.11;

4. Unchecked Return Value for transfer & transferFrom call

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom It is good to add a require() statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.

Instances

// Links to githubfile https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L861 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L1023 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L154 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L236 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L301 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L361 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L382

contracts/vote-escrow/VoteEscrowCore.sol:861:            assert(IERC20(token).transferFrom(from, address(this), _value));
contracts/vote-escrow/VoteEscrowCore.sol:1023:        assert(IERC20(token).transfer(msg.sender, value));
contracts/core/GolomTrader.sol:154:            payable(payAddress).transfer(payAmt); // royalty transfer to royaltyaddress
contracts/core/GolomTrader.sol:236:            ERC721(o.collection).transferFrom(o.signer, receiver, o.tokenId);
contracts/core/GolomTrader.sol:301:            nftcontract.transferFrom(msg.sender, o.signer, o.tokenId);
contracts/core/GolomTrader.sol:361:            nftcontract.transferFrom(msg.sender, o.signer, tokenId);
contracts/core/GolomTrader.sol:382:        WETH.transferFrom(o.signer, address(this), o.totalAmt * amount);

Recommended Mitigation Steps:

Consider using safeTransfer/safeTransferFrom or require() consistently.

5. USE _SAFEMINT() INSTEAD OF _MINT()

Instances

// Links to githubfile https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L37 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L44 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L52 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L950

//actual codes used in contracts

contracts/governance/GolomToken.sol:37:        _mint(_account, _amount);
contracts/governance/GolomToken.sol:44:        _mint(_airdrop, 150_000_000 * 1e18);
contracts/governance/GolomToken.sol:52:        _mint(_rewardDistributor, 62_500_000 * 1e18);
contracts/vote-escrow/VoteEscrowCore.sol:950:        _mint(_to, _tokenId);

6. Unused receive() function will lock Ether in contract

If the intention is for the Ether to be used, the function should call another function, otherwise it should revert.

Instances:

contracts/core/GolomTrader.sol:461: contracts/rewards/RewardDistributor.sol:315:


contracts/core/GolomTrader.sol:461:    receive() external payable {}
contracts/rewards/RewardDistributor.sol:315:    receive() external payable {}

Referencs

https://code4rena.com/reports/2022-05-sturdy#l-06-unused-receive-function-will-lock-ether-in-contract

Findings Information

🌟 Selected for report: JohnSmith

Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xKitsune, 0xLovesleep, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Aymen0909, Bnke0x0, CRYP70, Chandr, Chinmay, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, Funen, GalloDaSballo, Green, IllIllI, JC, Jmaxmanblue, Junnon, Kaiziron, Kenshin, Krow10, Maxime, Migue, MiloTruck, Noah3o6, NoamYakov, Randyyy, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StyxRave, TomJ, Tomio, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, async, benbaessler, brgltd, c3phas, cRat1st0s, carlitox477, delfin454000, djxploit, durianSausage, ellahi, erictee, fatherOfBlocks, gerdusx, gogo, hyh, jayfromthe13th, jayphbee, joestakey, kaden, kenzo, kyteg, ladboy233, lucacez, m_Rassska, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, rfa, robee, rokinot, sach1r0, saian, samruna, sashik_eth, simon135, supernova, tofunmi, zuhaibmohd

Awards

21.3211 USDC - $21.32

Labels

bug

G (Gas Optimization)

External Links

Link to GitHub issue

1.USING > 0 COSTS MORE GAS THAN != 0 WHEN USED ON A UINT IN A REQUIRE() STATEMENT

Instances

//Links to githubfile https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L927 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L928 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L944 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L982 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#L997

//actual codes which shows the use.

contracts/vote-escrow/VoteEscrowCore.sol:927:        require(_value > 0); // dev: need non-zero value
contracts/vote-escrow/VoteEscrowCore.sol:928:        require(_locked.amount > 0, 'No existing lock found');
contracts/vote-escrow/VoteEscrowCore.sol:944:        require(_value > 0); // dev: need non-zero value
contracts/vote-escrow/VoteEscrowCore.sol:982:        require(_locked.amount > 0, 'No existing lock found');
contracts/vote-escrow/VoteEscrowCore.sol:997:        require(_locked.amount > 0, 'Nothing is locked');

2.<ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP

The overheads outlined below are PER LOOP, excluding the first loop storage arrays incur a Gwarmaccess (100 gas) memory arrays use MLOAD (3 gas) calldata arrays use CALLDATALOAD (3 gas). Caching the length changes each of these to a DUP<N> (3 gas), and gets rid of the extra DUP<N> needed to store the stack offset

Instances

//Links to githubfile

https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowDelegation.sol#L171 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowDelegation.sol#L189 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowDelegation.sol#L199 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#L415

contracts/rewards/RewardDistributor.sol

//actual codes which shows the use.

contracts/vote-escrow/VoteEscrowDelegation.sol:171:        for (uint256 index = 0; index < delegated.length; index++)
contracts/vote-escrow/VoteEscrowDelegation.sol:189:        for (uint256 index = 0; index < delegatednft.length; index++) 
contracts/vote-escrow/VoteEscrowDelegation.sol:199:        for (uint256 i; i < _array.length; i++) 
contracts/core/GolomTrader.sol:415:        for (uint256 i = 0; i < proof.length; i++) 
contracts/rewards/RewardDistributor.sol:143:        for (uint256 index = 0; index < epochs.length; index++) {
contracts/rewards/RewardDistributor.sol:157:        for (uint256 index = 0; index < epochs.length; index++) {
contracts/rewards/RewardDistributor.sol:180:        for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {
contracts/rewards/RewardDistributor.sol:183:            for (uint256 index = 0; index < epochs.length; index++) {

3.++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS

Instances

// Links to githubfile https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/TokenUriHelper.sol#138

//actual code which show the use 
contracts/vote-escrow/TokenUriHelper.sol:138:            digits++;

4.USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE DEPLOYMENT GAS

Custom errors are available from solidity version 0.8.4. The instances below match or exceed that version

Instances

// Links to githubfile

GolomToken https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#24 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#43 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#51 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/governance/GolomToken.sol#69

//actual code which shows the use

GolomToken

contracts/governance/GolomToken.sol:24:        require(msg.sender == minter, 'GolomToken: only reward distributor can enable');
contracts/governance/GolomToken.sol:43:        require(!isAirdropMinted, 'already minted');
contracts/governance/GolomToken.sol:51:        require(!isGenesisRewardMinted, 'already minted');
contracts/governance/GolomToken.sol:69:            require(minterEnableDate <= block.timestamp, 'GolomToken: wait for timelock')

VoteEscrowDelegation

contracts/vote-escrow/VoteEscrowDelegation.sol:72:        require(ownerOf(tokenId) == msg.sender, 'VEDelegation: Not allowed');
contracts/vote-escrow/VoteEscrowDelegation.sol:73:        require(this.balanceOfNFT(tokenId) >= MIN_VOTING_POWER_REQUIRED, 'VEDelegation: Need more voting power');
contracts/vote-escrow/VoteEscrowDelegation.sol:99:        require(_delegatedTokenIds.length < 500, 'VVDelegation: Cannot stake more');
contracts/vote-escrow/VoteEscrowDelegation.sol:130:        require(blockNumber < block.number, 'VEDelegation: not yet determined');
contracts/vote-escrow/VoteEscrowDelegation.sol:186:        require(blockNumber < block.number, 'VEDelegation: not yet determined');
contracts/vote-escrow/VoteEscrowDelegation.sol:211:        require(ownerOf(tokenId) == msg.sender, 'VEDelegation: Not allowed');
contracts/vote-escrow/VoteEscrowDelegation.sol:220:    //     require(ownerOf(ownerTokenId) == msg.sender, 'VEDelegation: Not allowed');
contracts/vote-escrow/VoteEscrowDelegation.sol:239:        require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');

VoteEscrowCore

contracts/vote-escrow/VoteEscrowCore.sol:538:        require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');
contracts/vote-escrow/VoteEscrowCore.sol:928:        require(_locked.amount > 0, 'No existing lock found');
contracts/vote-escrow/VoteEscrowCore.sol:929:        require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');
contracts/vote-escrow/VoteEscrowCore.sol:945:        require(unlock_time > block.timestamp, 'Can only lock until time in the future');
contracts/vote-escrow/VoteEscrowCore.sol:946:        require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');
contracts/vote-escrow/VoteEscrowCore.sol:982:        require(_locked.amount > 0, 'No existing lock found');
contracts/vote-escrow/VoteEscrowCore.sol:983:        require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');
contracts/vote-escrow/VoteEscrowCore.sol:996:        require(_locked.end > block.timestamp, 'Lock expired');
contracts/vote-escrow/VoteEscrowCore.sol:997:        require(_locked.amount > 0, 'Nothing is locked');
contracts/vote-escrow/VoteEscrowCore.sol:998:        require(unlock_time > _locked.end, 'Can only increase lock duration');
contracts/vote-escrow/VoteEscrowCore.sol:999:        require(unlock_time <= block.timestamp + MAXTIME, 'Voting lock can be 4 years max');
contracts/vote-escrow/VoteEscrowCore.sol:1008:        require(attachments[_tokenId] == 0 && !voted[_tokenId], 'attached');
contracts/vote-escrow/VoteEscrowCore.sol:1011:        require(block.timestamp >= _locked.end, "The lock didn't expire");
contracts/vote-escrow/VoteEscrowCore.sol:1082:        require(idToOwner[_tokenId] != address(0), 'Query for nonexistent token');
contracts/vote-escrow/VoteEscrowCore.sol:1227:        require(_isApprovedOrOwner(msg.sender, _tokenId), 'caller is not owner nor approved');


GolomTrader
contracts/core/GolomTrader.sol:177:        require(signaturesigner == o.signer, 'invalid signature');
contracts/core/GolomTrader.sol:217:        require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm');
contracts/core/GolomTrader.sol:222:        require(o.orderType == 0, 'invalid orderType');
contracts/core/GolomTrader.sol:226:        require(status == 3, 'order not valid');
contracts/core/GolomTrader.sol:227:        require(amountRemaining >= amount, 'order already filled');
contracts/core/GolomTrader.sol:235:            require(amount == 1, 'only 1 erc721 at 1 time');
contracts/core/GolomTrader.sol:299:            require(amount == 1, 'only 1 erc721 at 1 time');
contracts/core/GolomTrader.sol:359:            require(amount == 1, 'only 1 erc721 at 1 time');
contracts/core/GolomTrader.sol:455:        require(distributorEnableDate <= block.timestamp, 'not allowed');

5. Reduce the size of error messages (Long revert Strings)

Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition is met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Instances

// Links to githubfile

https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/core/GolomTrader.sol#24 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowDelegation.sol#73 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#929 https://github.com/code-423n4/2022-07-golom/blob/7bbb55fca61e6bae29e57133c1e45806cbb17aa4/contracts/vote-escrow/VoteEscrowCore.sol#945

// actual code which shows the use
contracts/governance/GolomToken.sol:24:        require(msg.sender == minter, 'GolomToken: only reward distributor can enable');
contracts/vote-escrow/VoteEscrowDelegation.sol:73:       require(this.balanceOfNFT(tokenId) >= MIN_VOTING_POWER_REQUIRED, 'VEDelegation: Need more voting power');
contracts/vote-escrow/VoteEscrowCore.sol:929:        require(_locked.end > block.timestamp, 'Cannot add to expired lock. Withdraw');
contracts/vote-escrow/VoteEscrowCore.sol:945:        require(unlock_time > block.timestamp, 'Can only lock until time in the future');

Recommendations: I suggest shortening the revert strings to fit in 32 bytes, or that using custom errors as described next.**

Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met)

6. IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

Instances

// actual code which shows the use

contracts/vote-escrow/VoteEscrowDelegation.sol:147:        uint256 lower = 0;
contracts/vote-escrow/VoteEscrowDelegation.sol:170:        uint256 votes = 0;
contracts/vote-escrow/VoteEscrowDelegation.sol:188:        uint256 votes = 0;
contracts/vote-escrow/VoteEscrowCore.sol:1042:        uint256 _min = 0;
contracts/vote-escrow/VoteEscrowCore.sol:1113:        uint256 _min = 0;
contracts/vote-escrow/VoteEscrowCore.sol:1133:        uint256 d_block = 0;
contracts/vote-escrow/VoteEscrowCore.sol:1134:        uint256 d_t = 0;
contracts/vote-escrow/VoteEscrowCore.sol:1211:        uint256 dt = 0;

7. ++i/i++ should be unchecked{++i}/unchecked{i++} when it is not possible for them to overflow, as is the case when used in for- and while-loops

The unchecked keyword is new in solidity version 0.8.0, so this only applies to that version or higher, which these instances are. This saves 30-40 gas per loop

Instances:

contracts/core/GolomTrader.sol

contracts/core/GolomTrader.sol:415:        for (uint256 i = 0; i < proof.length; i++) {

contracts/rewards/RewardDistributor.sol

contracts/rewards/RewardDistributor.sol:143:        for (uint256 index = 0; index < epochs.length; index++) {
contracts/rewards/RewardDistributor.sol:157:        for (uint256 index = 0; index < epochs.length; index++) {
contracts/rewards/RewardDistributor.sol:180:        for (uint256 tindex = 0; tindex < tokenids.length; tindex++) {
contracts/rewards/RewardDistributor.sol:183:            for (uint256 index = 0; index < epochs.length; index++) {
contracts/rewards/RewardDistributor.sol:226:        for (uint256 index = 0; index < epoch; index++) {
contracts/rewards/RewardDistributor.sol:258:        for (uint256 index = 0; index < epoch; index++) {
contracts/rewards/RewardDistributor.sol:273:        for (uint256 index = 0; index < epoch; index++) {

contracts/vote-escrow/VoteEscrowDelegation.sol

contracts/vote-escrow/VoteEscrowDelegation.sol:171:        for (uint256 index = 0; index < delegated.length; index++) {
contracts/vote-escrow/VoteEscrowDelegation.sol:189:        for (uint256 index = 0; index < delegatednft.length; index++) {
contracts/vote-escrow/VoteEscrowDelegation.sol:199:        for (uint256 i; i < _array.length; i++) {

8. '10 ** 18' can be changed to 1e18 and save some gas Submitted by WatchPug, also found by robee

10 ** 18 can be changed to 1e18 to avoid unnecessary arithmetic operation and save gas.s

Instances:

contracts/rewards/RewardDistributor.sol:48 contracts/rewards/RewardDistributor.sol:100

contracts/rewards/RewardDistributor.sol:48:    uint256 constant dailyEmission = 600000 * 10**18;
contracts/rewards/RewardDistributor.sol:100:        if (rewardToken.totalSupply() > 1000000000 * 10**18) {

Golom contest - Rohan16's results

An NFT marketplace that offers the lowest industry fee, a publicly available order-book along with analytical tools.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-103] QA Report - $35.17

Findings Information

Awards

Labels

External Links

1. REMOVE COMMENTED OUT CODE

Instances

2.USE A MORE RECENT VERSION OF SOLIDITY

Instances

3. USE OF FLOATING PRAGMA

Instances

4. Unchecked Return Value for transfer & transferFrom call

Instances

Recommended Mitigation Steps:

5. USE _SAFEMINT() INSTEAD OF _MINT()

Instances

6. Unused receive() function will lock Ether in contract

Instances:

Referencs

[G-77] Gas Report - $21.32

Findings Information

Awards

Labels

External Links

1.USING > 0 COSTS MORE GAS THAN != 0 WHEN USED ON A UINT IN A REQUIRE() STATEMENT

Instances

2.<ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP

Instances

3.++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS

Instances

4.USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE DEPLOYMENT GAS

Instances

5. Reduce the size of error messages (Long revert Strings)

Instances

6. IT COSTS MORE GAS TO INITIALIZE VARIABLES TO ZERO THAN TO LET THE DEFAULT OF ZERO BE APPLIED

Instances

7. ++i/i++ should be unchecked{++i}/unchecked{i++} when it is not possible for them to overflow, as is the case when used in for- and while-loops

Instances:

8. '10 ** 18' can be changed to 1e18 and save some gas Submitted by WatchPug, also found by robee

Instances: