Platform: Code4rena
Start Date: 30/05/2023
Pot Size: $300,500 USDC
Total HM: 79
Participants: 101
Period: about 1 month
Judge: Trust
Total Solo HM: 36
Id: 242
League: ETH
Rank: 30/101
Findings: 2
Award: $1,413.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 3kus-iosiro, Audit_Avengers, ByteBandits, IllIllI, Kamil-Chmielewski, Madalad, RED-LOTUS-REACH, Rolezn, Sathish9098, Stormreckson, Udsen, bin2chen, brgltd, ihtishamsudo, kaveyjoe, kodyvim, lukejohn, matrix_0wl, mgf15, nadin
803.432 USDC - $803.43
| Issue | Contexts | |
|---|---|---|
| LOW‑1 | Add to blacklist function | 53 |
| LOW‑2 | IERC20 approve() Is Deprecated | 2 |
| LOW‑3 | Consider the case where totalsupply is 0 | 9 |
| LOW‑4 | Contract will stop functioning in the year 2106 | 1 |
| LOW‑5 | decimals() not part of ERC20 standard | 25 |
| LOW‑6 | External call recipient may consume all transaction gas | 82 |
| LOW‑7 | Init functions are susceptible to front-running | 3 |
| LOW‑8 | Low Level Calls With Solidity Version 0.8.14 Can Result In Optimiser Bug | 6 |
| LOW‑9 | Minting tokens to the zero address should be avoided | 8 |
| LOW‑10 | The Contract Should approve(0) First | 2 |
| LOW‑11 | Missing Contract-existence Checks Before Low-level Calls | 30 |
| LOW‑12 | Missing ReEntrancy Guard to withdraw function | 1 |
| LOW‑13 | Contracts are not using their OZ Upgradeable counterparts | 8 |
| LOW‑14 | Solidity version 0.8.20 may not work on other chains due to PUSH0 | 145 |
| LOW‑15 | Storage Write Removal Bug On Conditional Early Termination | 1 |
| LOW‑16 | Upgrade OpenZeppelin Contract Dependency | 1 |
Total: 377 contexts over 16 issues
| Issue | Contexts | |
|---|---|---|
| NC‑1 | Avoid the use of sensitive terms | 61 |
| NC‑2 | No need for == true or == false checks | 1 |
| NC‑3 | Compliance with Solidity Style rules in Constant expressions | 5 |
| NC‑4 | Consider adding a deny-list | 9 |
| NC‑5 | Consistent usage of require vs custom error | 263 |
| NC‑6 | Duplicated require()/revert() Checks Should Be Refactored To A Modifier Or Function | 15 |
| NC‑7 | Events are missing sender information | 22 |
| NC‑8 | Use delete to Clear Variables | 25 |
| NC‑9 | Immutables can be named using the same convention | 44 |
| NC‑10 | No need to initialize uints to zero | 3 |
| NC‑11 | Memory-safe annotation preferred over comment variant | 554 |
| NC‑12 | Missing event for critical parameter change | 15 |
| NC‑13 | Non-assembly Method Available | 1 |
| NC‑14 | Non-external/public function names should begin with an underscore | 64 |
| NC‑15 | Omissions in Events | 4 |
| NC‑16 | Operations such as the changing of the owner should be behind a timelock | 3 |
| NC‑17 | Using >/>= without specifying an upper bound is unsafe | 11 |
| NC‑18 | Private variables dont respect naming convention | 5 |
| NC‑19 | Public Functions Not Called By The Contract Should Be Declared External Instead | 15 |
| NC‑20 | Empty blocks should be removed or emit something | 24 |
| NC‑21 | Redundant Cast | 4 |
| NC‑22 | Remove unused contract variables | 7 |
| NC‑23 | Remove unused error definition | 7 |
| NC‑24 | Using underscore at the end of variable name | 7 |
| NC‑25 | Use bytes.concat() | 31 |
| NC‑26 | Use `` instead of "0x00" for empty bytes to avoid triggering extra computation on transfers | 9 |
| NC‑27 | Use @inheritdoc rather than using a non-standard annotation | 34 |
| NC‑28 | Use named function calls | 1 |
| NC‑29 | Cast to bytes or bytes32 for clearer semantic meaning | 13 |
Total: 1257 contexts over 29 issues
blacklist functionAs stated in the project:
- Is it an NFT?: true
NFT thefts have increased recently, so with the addition of hacked NFTs to the platform, NFTs can be converted into liquidity. To prevent this, I recommend adding the blacklist function.
Marketplaces such as Opensea have a blacklist feature that will not list NFTs that have been reported theft, NFT projects such as Manifold have blacklist functions in their smart contracts.
Here is the project example; Manifold
Manifold Contract https://etherscan.io/address/0xe4e4003afe3765aca8149a82fc064c0b125b9e5a#code
modifier nonBlacklistRequired(address extension) { require(!_blacklistedExtensions.contains(extension), "Extension blacklisted"); _; }
Add to Blacklist function and modifier.
approve() Is Deprecatedapprove() is subject to a known front-running attack. It is deprecated in favor of safeIncreaseAllowance() and safeDecreaseAllowance(). If only setting the initial allowance to the value that means infinite, safeIncreaseAllowance() can be used instead.
https://docs.openzeppelin.com/contracts/3.x/api/token/erc20#IERC20-approve-address-uint256-
File: MulticallRootRouter.sol 120: ERC20hTokenRoot(outputToken).approve(bridgeAgentAddress, amountOut);
File: MulticallRootRouter.sol 148: ERC20hTokenRoot(outputTokens[i]).approve(bridgeAgentAddress, amountsOut[i]);
Consider using safeIncreaseAllowance() / safeDecreaseAllowance() instead.
totalsupply is 0Consider the case where totalsupply is 0. When totalsupply is 0, it should return 0 directly, because there will be an error of dividing by 0.
This would cause the affected functions to revert and as a result can lead to potential loss.
File: BaseV2Minter.sol 119: return (vault.totalAssets() * _minted) / HERMES(underlying).totalSupply();
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L119
File: ERC4626PartnerManager.sol 162: return (address(bHermesToken).balanceOf(address(this))) / bHermesRate - totalSupply; 168: return (address(bHermesToken).balanceOf(address(this))) / bHermesRate - totalSupply;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L162
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L168
File: ERC4626PartnerManager.sol 219: if (newRate > (address(bHermesToken).balanceOf(address(this)) / totalSupply)) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L219
File: FlywheelCore.sol 171: deltaIndex = ((strategyRewardsAccrued * ONE) / supplyTokens).toUint224();
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L171
File: TalosBaseStrategy.sol 261: uint128 liquidityToDecrease = uint128((liquidity * shares) / totalSupply);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L261
File: RewardMath.sol 35: ((secondsInsideX128 * 4) / 10) + ((((stakedDuration << 128) * boostAmount) / boostTotalSupply) * 6) / 10
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/RewardMath.sol#L35
</details>Add check for zero value and return 0.
if ( totalSupply() == 0) return 0;
Limiting the timestamp variable to fit in a uint32 will cause the call to start reverting in year 2106 for the following calls.
File: FlywheelAcummulatedRewards.sol 43: uint32 timestamp = block.timestamp.toUint32();
decimals() not part of ERC20 standarddecimals() is not part of the official ERC20 standard and might fail for tokens that do not implement it. While in practice it is very unlikely, as usually most of the tokens implement it, this should still be considered as a potential issue.
File: ERC4626.sol 23: constructor(ERC20 _asset, string memory _name, string memory _symbol) ERC20(_name, _symbol, _asset.decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L23
File: ERC4626DepositOnly.sol 23: constructor(ERC20 _asset, string memory _name, string memory _symbol) ERC20(_name, _symbol, _asset.decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L23
File: ERC4626MultiToken.sol 51: require(ERC20(_assets[i]).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L51
File: UlyssesERC4626.sol 27: if (ERC20(_asset).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L27
File: UlyssesToken.sol 46: require(ERC20(asset).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L46
File: ArbitrumBranchBridgeAgent.sol 104: msg.sender, msg.sender, underlyingAddress, _normalizeDecimals(amount, ERC20(underlyingAddress).decimals()
File: ArbitrumBranchPort.sol 72: underlyingAddress.safeTransfer(_recipient, _denormalizeDecimals(_deposit, ERC20(underlyingAddress).decimals()
File: ArbitrumBranchPort.sol 82: _recipient, _denormalizeDecimals(_deposit, ERC20(_underlyingAddress).decimals()
File: ArbitrumBranchPort.sol 120: _depositor, address(this), _denormalizeDecimals(_deposit, ERC20(_underlyingAddress).decimals()
File: ArbitrumBranchPort.sol 141: _denormalizeDecimals(_deposits[i], ERC20(_underlyingAddresses[i]).decimals()
File: BranchBridgeAgent.sol 252: _normalizeDecimals(_dParams.deposit, ERC20(_dParams.token).decimals()
File: BranchBridgeAgent.sol 687: _normalizeDecimals(_dParams.deposit, ERC20(_dParams.token).decimals()
File: BranchBridgeAgent.sol 284: _deposits[i] = _normalizeDecimals(_dParams.deposits[i], ERC20(_dParams.tokens[i]).decimals()
File: BranchBridgeAgent.sol 342: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals()
File: BranchBridgeAgent.sol 357: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals()
File: BranchBridgeAgent.sol 720: deposits[i] = _normalizeDecimals(_dParams.deposits[i], ERC20(_dParams.tokens[i]).decimals()
File: BranchBridgeAgent.sol 1355: deposits[i] = _normalizeDecimals(_deposits[i], ERC20(_tokens[i]).decimals()
File: BranchPort.sol 212: _recipient, _denormalizeDecimals(_deposit, ERC20(_underlyingAddress).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L212
File: BranchPort.sol 254: _depositor, address(this), _denormalizeDecimals(_deposit, ERC20(_underlyingAddress).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L254
File: BranchPort.sol 272: _denormalizeDecimals(_deposits[i], ERC20(_underlyingAddresses[i]).decimals()
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L272
</details>There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}("") or this library instead.
File: MulticallRootRouter.sol 281: IVirtualAccount(userAccount).call(calls); 289: IVirtualAccount(userAccount).call(calls); 309: IVirtualAccount(userAccount).call(calls); 357: IVirtualAccount(userAccount).call(calls); 365: IVirtualAccount(userAccount).call(calls); 385: IVirtualAccount(userAccount).call(calls); 433: IVirtualAccount(userAccount).call(calls); 441: IVirtualAccount(userAccount).call(calls); 461: IVirtualAccount(userAccount).call(calls);
File: VirtualAccount.sol 49: (bool success, bytes memory data) = calls[i].target.call(calls[i].callData);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/VirtualAccount.sol#L49
The initialize() functions below are not called by another contract atomically after the contract is deployed, so it's possible for a malicious user to call initialize() which, if it's noticed in time, would require the project to re-deploy the contract in order to properly initialize. Consider creating a factory contract, which will new and initialize() each contract atomically.
File: BaseV2Minter.sol function initialize(FlywheelGaugeRewards _flywheelGaugeRewards) external {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L78
File: TalosBaseStrategy.sol function init(uint256 amount0Desired, uint256 amount1Desired, address receiver)
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L102
File: RootPort.sol function initializeCore(
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L140
</details>The project contracts in scope are using low level calls with solidity version before 0.8.14 which can result in optimizer bug. https://medium.com/certora/overly-optimistic-optimizer-certora-bug-disclosure-2101e3f7994d
Simliar findings in Code4rena contests for reference: https://code4rena.com/reports/2022-06-illuminate/#5-low-level-calls-with-solidity-version-0814-can-result-in-optimiser-bug
POC can be found in the above medium reference url.
Functions that execute low level calls in contracts with solidity version under 0.8.14
<details>File: UlyssesPool.sol 356: assembly { // Revert if the list is empty if eq(length, 1) { // Store the function selector of `NotInitialized()`. mstore(0x00, 0x87138d5c) // Revert with (offset, size). revert(0x1c, 0x04) } // Revert if the amount is too small if lt(amount, MIN_SWAP_AMOUNT) { // Store the function selector of `AmountTooSmall()`. mstore(0x00, 0xc2f5625a) // Revert with (offset, size). revert(0x1c, 0x04) } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L356
File: UlyssesPool.sol 553: assembly { // Load bandwidth and weight from storage let slot := sload(destinationState.slot) // Bandwidth is the first 248 bits of the slot bandwidth := and(slot, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) // Weight is the last 8 bits of the slot weight := shr(248, slot) // Equivalent to `require(y == 0 || x <= type(uint256).max / y)`. if mul(weight, gt(_totalSupply, div(not(0), weight))) { // Store the function selector of `MulDivFailed()`. mstore(0x00, 0xad251c27) // Revert with (offset, size). revert(0x1c, 0x04) } // Get the target bandwidth targetBandwidth := div(mul(_totalSupply, weight), _totalWeights) }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L553
File: UlyssesPool.sol 698: assembly { // Load the rebalancing fee slot to get the fee parameters let feeSlot := sload(fees.slot) // Get sigma2 from the first 8 bytes of the fee slot let sigma2 := shr(192, feeSlot) // Get sigma1 from the next 8 bytes of the fee slot let sigma1 := and(shr(128, feeSlot), 0xffffffffffffffff) // Get lambda2 from the next 8 bytes of the fee slot lambda2 := and(shr(64, feeSlot), 0xffffffffffffffff) // Get lambda1 from the last 8 bytes of the fee slot lambda1 := and(feeSlot, 0xffffffffffffffff) // Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y)) if mul(sigma1, gt(targetBandwidth, div(not(0), sigma1))) { // Store the function selector of `MulDivFailed()`. mstore(0x00, 0xad251c27) // Revert with (offset, size). revert(0x1c, 0x04) } // Calculate the upper bound for the first fee upperBound1 := div(mul(targetBandwidth, sigma1), DIVISIONER) // Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y)) if mul(sigma2, gt(targetBandwidth, div(not(0), sigma2))) { // Store the function selector of `MulDivFailed()`. mstore(0x00, 0xad251c27) // Revert with (offset, size). revert(0x1c, 0x04) } // Calculate the upper bound for the second fee upperBound2 := div(mul(targetBandwidth, sigma2), DIVISIONER) }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L698
File: UlyssesPool.sol 851: assembly { // Calculate the height of the trapezium // The height is calculated as `upperBound - bandwidth` let height := sub(upperBound, bandwidth) // Equivalent to `require(y == 0 || x <= type(uint256).max / y)`. if mul(feeTier, gt(height, div(not(0), feeTier))) { // Store the function selector of `MulDivFailed()`. mstore(0x00, 0xad251c27) // Revert with (offset, size). revert(0x1c, 0x04) } // Calculate the width of the trapezium, rounded up // The width is calculated as `feeTier * height / maxWidth + offset` let width := add(add(iszero(iszero(mod(mul(height, feeTier), maxWidth))), div(mul(height, feeTier), maxWidth)), offset) // Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y)) if mul(height, gt(width, div(not(0), height))) { // Store the function selector of `MulDivFailed()`. mstore(0x00, 0xad251c27) // Revert with (offset, size). revert(0x1c, 0x04) } // Calculate the fee for this tier switch roundDown // If round down then do mulDiv(transfered, diff, totalDiff) case true { fee := div(mul(width, height), DIVISIONER) } // If round up then do mulDivUp(transfered, diff, totalDiff) default { fee := add(iszero(iszero(mod(mul(width, height), DIVISIONER))), div(mul(width, height), DIVISIONER)) } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L851
File: UlyssesPool.sol 1098: assembly { // Revert if poolId is invalid if iszero(index) { // Store the function selector of `NotUlyssesLP()`. mstore(0x00, 0x3c930918) // Revert with (offset, size). revert(0x1c, 0x04) } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1098
File: UlyssesPool.sol 1152: assembly { // Revert if msg.sender is invalid if iszero(index) { // Store the function selector of `NotUlyssesLP()`. mstore(0x00, 0x3c930918) // Revert with (offset, size). revert(0x1c, 0x04) } // Revert if the amount is zero if iszero(assets) { // Store the function selector of `AmountTooSmall()`. mstore(0x00, 0xc2f5625a) // Revert with (offset, size). revert(0x1c, 0x04) } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1152
</details>Consider upgrading to at least solidity v0.8.15.
The core function mint is used by users to mint an option position by providing token1 as collateral and borrowing the max amount of liquidity. Address(0) check is missing in both this function and the internal function _mint, which is triggered to mint the tokens to the to address. Consider applying a check in the function to ensure tokens aren't minted to the zero address.
File: bHermesBoost.sol function mint(address to, uint256 amount) external onlybHermes { _mint(to, amount); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesBoost.sol#L28
File: bHermesGauges.sol function mint(address to, uint256 amount) external onlybHermes { _mint(to, amount); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesGauges.sol#L35
File: bHermesVotes.sol function mint(address to, uint256 amount) external onlybHermes { _mint(to, amount); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesVotes.sol#L26
File: HERMES.sol function mint(address account, uint256 amount) external onlyOwner { _mint(account, amount); } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/HERMES.sol#L62
File: Maia.sol function mint(address account, uint256 amount) external onlyOwner { _mint(account, amount); } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/Maia.sol#L55
File: RootPort.sol function mintToLocalBranch(address _to, address _hToken, uint256 _amount) external requiresLocalBranchPort { mint(_to, _hToken, _amount, localChainId); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L324
File: ERC20hTokenBranch.sol function mint(address account, uint256 amount) external override onlyOwner returns (bool) { _mint(account, amount); return true; }
</details>File: ERC20hTokenRoot.sol function mint(address to, uint256 amount, uint256 chainId) external requiresPort returns (bool) { getTokenBalance[chainId] += amount; _mint(to, amount); return true; }
approve(0) FirstSome tokens (like USDT L199) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
File: MulticallRootRouter.sol 120: ERC20hTokenRoot(outputToken).approve(bridgeAgentAddress, amountOut);
File: MulticallRootRouter.sol 148: ERC20hTokenRoot(outputTokens[i]).approve(bridgeAgentAddress, amountsOut[i]);
Approve with a zero amount first before setting the actual amount.
withdraw functionThe following contracts have no Re-Entrancy protection in their withdrawal function
If the mint was initiated by a contract, then the contract is checked for its ability to receive ERC721 tokens. Without reentrancy guard, onERC721Received will allow an attacker controlled contract to call the mint again, which may not be desirable to some parties, like allowing minting more than allowed.
Reference: https://www.paradigm.xyz/2021/08/the-dangers-of-surprising-code
If withdraw is msg.sender contract, it can do re-entrancy by overriding onERC721Received function, it doesn't seem to be a serious problem since it conforms to check-effect-interaction pattern, but this is a clear re-entry due to access to other functions and pre-emit processing. is the entracy
reentrancy.sol: function onERC721Received( address, address, uint256, bytes memory ) public virtual override returns (bytes4) { //...do something } return this.onERC721Received.selector; }
Affected lines:
File: VirtualAccount.sol 36: function withdrawERC721(address _token, uint256 _tokenId) external requiresApprovedCaller { ERC721(_token).transferFrom(address(this), msg.sender, _tokenId); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/VirtualAccount.sol#L36
Use Openzeppelin or Solmate Re-Entrancy pattern Here is a example of a re-entrancy guard
// SPDX-License-Identifier: MIT pragma solidity ^0.8.13; contract ReEntrancyGuard { bool internal locked; modifier noReentrant() { require(!locked, "No re-entrancy"); locked = true; _; locked = false; } }
The non-upgradeable standard version of OpenZeppelin’s library are inherited / used by the contracts. It would be safer to use the upgradeable versions of the library contracts to avoid unexpected behaviour.
File: TalosBaseStrategy.sol 13: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L13
File: BoostAggregator.sol 9: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
File: IBoostAggregator.sol 6: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L6
File: ITalosBaseStrategy.sol 7: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/ITalosBaseStrategy.sol#L7
File: VirtualAccount.sol 9: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/VirtualAccount.sol#L9
File: IVirtualAccount.sol 4: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
File: UniswapV3Staker.sol 12: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L12
</details>File: IUniswapV3Staker.sol 5: import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
Where applicable, use the contracts from @openzeppelin/contracts-upgradeable instead of @openzeppelin/contracts.
See https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/tree/master/contracts for list of available upgradeable contracts
PUSH0The compiler for Solidity 0.8.20 switches the default target EVM version to Shanghai, which includes the new PUSH0 op code. This op code may not yet be implemented on all L2s, so deployment on these chains will fail. To work around this issue, use an earlier EVM version. While the project itself may or may not compile with 0.8.20, other projects with which it integrates, or which extend this project may, and those projects will have problems deploying these contracts/libraries.
File: ERC20Boost.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L3
File: ERC20Gauges.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L3
File: ERC20MultiVotes.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L4
File: Errors.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/interfaces/Errors.sol#L2
File: IERC20Boost.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/interfaces/IERC20Boost.sol#L2
File: IERC20Gauges.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/interfaces/IERC20Gauges.sol#L3
File: IERC20MultiVotes.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/interfaces/IERC20MultiVotes.sol#L3
File: IERC4626DepositOnly.sol pragma solidity ^0.8.0;
File: IERC4626MultiToken.sol pragma solidity ^0.8.0;
File: IUlyssesERC4626.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/interfaces/IUlyssesERC4626.sol#L2
File: BaseV2Gauge.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L2
File: UniswapV3Gauge.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/UniswapV3Gauge.sol#L2
File: BaseV2GaugeFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeFactory.sol#L3
File: BaseV2GaugeManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeManager.sol#L3
File: BribesFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L2
File: UniswapV3GaugeFactory.sol pragma solidity ^0.8.0;
File: IBaseV2Gauge.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/interfaces/IBaseV2Gauge.sol#L2
File: IBaseV2GaugeFactory.sol pragma solidity ^0.8.0;
File: IBaseV2GaugeManager.sol pragma solidity ^0.8.0;
File: IBribesFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/interfaces/IBribesFactory.sol#L2
File: IUniswapV3Gauge.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/interfaces/IUniswapV3Gauge.sol#L2
File: IUniswapV3GaugeFactory.sol pragma solidity ^0.8.0;
File: GovernorBravoDelegateMaia.sol pragma solidity ^0.8.10;
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegateMaia.sol#L2
File: GovernorBravoDelegator.sol pragma solidity ^0.8.10;
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L2
File: GovernorBravoInterfaces.sol pragma solidity ^0.8.10;
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L2
File: bHermes.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/bHermes.sol#L2
File: UtilityManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L3
File: IBaseV2Minter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/interfaces/IBaseV2Minter.sol#L2
File: IbHermesUnderlying.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/interfaces/IbHermesUnderlying.sol#L2
File: IUtilityManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/interfaces/IUtilityManager.sol#L2
File: BaseV2Minter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L2
File: bHermesBoost.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesBoost.sol#L2
File: bHermesGauges.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesGauges.sol#L2
File: bHermesVotes.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesVotes.sol#L2
File: HERMES.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/HERMES.sol#L2
File: PartnerUtilityManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L2
File: vMaia.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/vMaia.sol#L3
File: PartnerManagerFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/factories/PartnerManagerFactory.sol#L2
File: IBaseVault.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/interfaces/IBaseVault.sol#L3
File: IERC4626PartnerManager.sol pragma solidity ^0.8.0;
File: IPartnerManagerFactory.sol pragma solidity ^0.8.0;
File: IPartnerUtilityManager.sol pragma solidity ^0.8.0;
File: DateTimeLib.sol pragma solidity ^0.8.4;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/libraries/DateTimeLib.sol#L2
File: ERC4626PartnerManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L2
File: Maia.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/Maia.sol#L2
File: GovernorBravoDelegator.sol pragma solidity ^0.8.10;
File: GovernorBravoInterfaces.sol pragma solidity ^0.8.10;
File: FlywheelCoreInstant.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/FlywheelCoreInstant.sol#L2
File: FlywheelCoreStrategy.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/FlywheelCoreStrategy.sol#L2
File: BaseFlywheelRewards.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/BaseFlywheelRewards.sol#L3
File: FlywheelCore.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L3
File: FlywheelBoosterGaugeWeight.sol pragma solidity ^0.8.0;
File: MultiRewardsDepot.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/MultiRewardsDepot.sol#L2
File: RewardsDepot.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/RewardsDepot.sol#L2
File: SingleRewardsDepot.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/SingleRewardsDepot.sol#L2
File: IFlywheelAcummulatedRewards.sol pragma solidity ^0.8.0;
File: IFlywheelBooster.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IFlywheelBooster.sol#L3
File: IFlywheelBribeRewards.sol pragma solidity ^0.8.0;
File: IFlywheelCore.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IFlywheelCore.sol#L3
File: IFlywheelGaugeRewards.sol pragma solidity ^0.8.0;
File: IFlywheelInstantRewards.sol pragma solidity ^0.8.0;
File: IFlywheelRewards.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IFlywheelRewards.sol#L3
File: IMultiRewardsDepot.sol pragma solidity ^0.8.0;
File: IRewardsDepot.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IRewardsDepot.sol#L2
File: FlywheelAcummulatedRewards.sol pragma solidity ^0.8.0;
File: FlywheelBribeRewards.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/rewards/FlywheelBribeRewards.sol#L3
File: FlywheelGaugeRewards.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/rewards/FlywheelGaugeRewards.sol#L3
File: FlywheelInstantRewards.sol pragma solidity ^0.8.0;
File: TalosManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L2
File: TalosOptimizer.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L3
File: BoostAggregatorFactory.sol pragma solidity ^0.8.0;
File: OptimizerFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/factories/OptimizerFactory.sol#L2
File: TalosBaseStrategyFactory.sol pragma solidity ^0.8.0;
File: TalosStrategyStakedFactory.sol pragma solidity ^0.8.0;
File: TalosStrategyVanillaFactory.sol pragma solidity ^0.8.0;
File: AutomationCompatibleInterface.sol pragma solidity ^0.8.0;
File: IBoostAggregatorFactory.sol pragma solidity ^0.8.0;
File: IOptimizerFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IOptimizerFactory.sol#L2
File: ITalosBaseStrategy.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/ITalosBaseStrategy.sol#L3
File: ITalosBaseStrategyFactory.sol pragma solidity ^0.8.0;
File: ITalosManager.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/ITalosManager.sol#L2
File: ITalosOptimizer.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/ITalosOptimizer.sol#L3
File: ITalosStrategyStaked.sol pragma solidity ^0.8.0;
File: ITalosStrategyStakedFactory.sol pragma solidity ^0.8.0;
File: PoolActions.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolActions.sol#L3
File: PoolVariables.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L3
File: UlyssesPool.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L2
File: UlyssesRouter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L2
File: UlyssesToken.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L2
File: UlyssesFactory.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/factories/UlyssesFactory.sol#L2
File: IUlyssesFactory.sol pragma solidity ^0.8.0;
File: IUlyssesPool.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/interfaces/IUlyssesPool.sol#L2
File: IUlyssesRouter.sol pragma solidity ^0.8.0;
File: IUlyssesToken.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/interfaces/IUlyssesToken.sol#L2
File: ArbitrumBranchBridgeAgent.sol pragma solidity ^0.8.0;
File: ArbitrumBranchPort.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/ArbitrumBranchPort.sol#L3
File: ArbitrumCoreBranchRouter.sol pragma solidity ^0.8.0;
File: BaseBranchRouter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BaseBranchRouter.sol#L2
File: BranchBridgeAgent.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchBridgeAgent.sol#L2
File: BranchBridgeAgentExecutor.sol pragma solidity ^0.8.0;
File: BranchPort.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L3
File: CoreBranchRouter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L2
File: CoreRootRouter.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L2
File: MulticallRootRouter.sol pragma solidity ^0.8.0;
File: RootBridgeAgent.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L2
File: RootBridgeAgentExecutor.sol pragma solidity ^0.8.0;
File: RootPort.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L3
File: VirtualAccount.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/VirtualAccount.sol#L3
File: ArbitrumBranchBridgeAgentFactory.sol pragma solidity ^0.8.0;
File: BranchBridgeAgentFactory.sol pragma solidity ^0.8.0;
File: ERC20hTokenBranchFactory.sol pragma solidity ^0.8.0;
File: ERC20hTokenRootFactory.sol pragma solidity ^0.8.0;
File: RootBridgeAgentFactory.sol pragma solidity ^0.8.0;
File: IAnycallConfig.sol pragma solidity ^0.8.10;
File: IAnycallExecutor.sol pragma solidity ^0.8.10;
File: IAnycallProxy.sol pragma solidity ^0.8.10;
File: IApp.sol pragma solidity ^0.8.10;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/interfaces/IApp.sol#L3
File: IArbitrumBranchPort.sol pragma solidity ^0.8.0;
File: IBranchBridgeAgent.sol pragma solidity ^0.8.0;
File: IBranchBridgeAgentFactory.sol pragma solidity ^0.8.0;
File: IBranchPort.sol pragma solidity ^0.8.0;
File: IBranchRouter.sol pragma solidity ^0.8.0;
File: ICoreBranchRouter.sol pragma solidity ^0.8.0;
File: IERC20hTokenBranch.sol pragma solidity ^0.8.0;
File: IERC20hTokenBranchFactory.sol pragma solidity ^0.8.0;
File: IERC20hTokenRoot.sol pragma solidity ^0.8.0;
File: IERC20hTokenRootFactory.sol pragma solidity ^0.8.0;
File: IMulticall2.sol pragma solidity ^0.8.0;
File: IPortStrategy.sol pragma solidity ^0.8.0;
File: IRootBridgeAgent.sol pragma solidity ^0.8.0;
File: IRootBridgeAgentFactory.sol pragma solidity ^0.8.0;
File: IRootPort.sol pragma solidity ^0.8.0;
File: IRootRouter.sol pragma solidity ^0.8.0;
File: IVirtualAccount.sol pragma solidity ^0.8.0;
File: IWETH9.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/interfaces/IWETH9.sol#L2
File: AnycallFlags.sol pragma solidity ^0.8.10;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L3
File: ERC20hTokenBranch.sol pragma solidity ^0.8.0;
File: ERC20hTokenRoot.sol pragma solidity ^0.8.0;
File: UniswapV3Staker.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L3
File: IUniswapV3Staker.sol pragma solidity ^0.8.0;
File: IncentiveId.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/IncentiveId.sol#L2
File: IncentiveTime.sol pragma solidity ^0.8.0;
File: NFTPositionInfo.sol pragma solidity ^0.8.0;
File: RewardMath.sol pragma solidity ^0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/RewardMath.sol#L2
</details>See the following for more info:
https://twitter.com/solidity_lang/status/1567953562151579650?s=20&t=fXIo4hRjOiMXl2dqpD5Oyw
https://blog.soliditylang.org/2022/09/08/storage-write-removal-before-conditional-termination/
File: GovernorBravoDelegateMaia.sol 536: function getChainIdInternal() internal view returns (uint256) { uint256 chainId; assembly { chainId := chainid() } return chainId; } }
Upgrade pragma to at least version 0.8.17
An outdated OZ version is used (which has known vulnerabilities, see: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories). Release: https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.0
Require dependencies to be at least version of 4.9.0 to include critical vulnerability patches.
File: package.json "@openzeppelin/contracts": "4.6.0"
https://github.com/code-423n4/2023-05-maia/tree/main/src/../lib/v3-periphery/package.json#L32
Update OpenZeppelin Contracts Usage in package.json and require at least version of 4.9.0 via >=4.9.0
Use <a href="https://www.zdnet.com/article/mysql-drops-master-slave-and-blacklist-whitelist-terminology/">alternative variants</a>, e.g. allowlist/denylist instead of whitelist/blacklist
File: IBaseV2Gauge.sol 58: /// @notice mapping of whitelisted bribe tokens.
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/interfaces/IBaseV2Gauge.sol#L58
File: GovernorBravoDelegateMaia.sol 113: // Allow addresses above proposal threshold and whitelisted addresses to propose 116: || isWhitelisted(msg.sender), 235: // Whitelisted proposers can't be canceled for falling below proposal threshold 236: if (isWhitelisted(proposal.proposer)) { 239: && msg.sender == whitelistGuardian, 240: "GovernorBravo::cancel: whitelisted proposer" 385: * @notice View function which returns if an account is whitelisted 387: * @return If the account is whitelisted 389: function isWhitelisted(address account) public view returns (bool) { 390: return (whitelistAccountExpirations[account] > block.timestamp); 443: * @notice Admin function for setting the whitelist expiration as a timestamp for an account. Whitelist status allows accounts to propose without meeting threshold 444: * @param account Account address to set whitelist expiration for 445: * @param expiration Expiration for account whitelist status as timestamp (if now < expiration, whitelisted) 447: function _setWhitelistAccountExpiration(address account, uint256 expiration) external { 449: msg.sender == admin || msg.sender == whitelistGuardian, 450: "GovernorBravo::_setWhitelistAccountExpiration: admin only" 452: whitelistAccountExpirations[account] = expiration; 454: emit WhitelistAccountExpirationSet(account, expiration); 458: * @notice Admin function for setting the whitelistGuardian. WhitelistGuardian can cancel proposals from whitelisted addresses 459: * @param account Account to set whitelistGuardian to (0x0 to remove whitelistGuardian) 461: function _setWhitelistGuardian(address account) external { 462: require(msg.sender == admin, "GovernorBravo::_setWhitelistGuardian: admin only"); 463: address oldGuardian = whitelistGuardian; 464: whitelistGuardian = account; 466: emit WhitelistGuardianSet(oldGuardian, whitelistGuardian);
File: GovernorBravoInterfaces.sol 53: /// @notice Emitted when whitelist account expiration is set 54: event WhitelistAccountExpirationSet(address account, uint256 expiration); 56: /// @notice Emitted when the whitelistGuardian is set 57: event WhitelistGuardianSet(address oldGuardian, address newGuardian); 162: /// @notice Stores the expiration of account whitelist status as a timestamp 163: mapping(address => uint256) public whitelistAccountExpirations; 165: /// @notice Address which manages whitelisted proposals and whitelist accounts 166: address public whitelistGuardian;
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L53
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L54
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L56
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L57
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L162
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L163
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L165
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoInterfaces.sol#L166
File: GovernorBravoInterfaces.sol 53: /// @notice Emitted when whitelist account expiration is set 54: event WhitelistAccountExpirationSet(address account, uint256 expiration); 56: /// @notice Emitted when the whitelistGuardian is set 57: event WhitelistGuardianSet(address oldGuardian, address newGuardian); 162: /// @notice Stores the expiration of account whitelist status as a timestamp 163: mapping(address => uint256) public whitelistAccountExpirations; 165: /// @notice Address which manages whitelisted proposals and whitelist accounts 166: address public whitelistGuardian;
File: FlywheelBribeRewards.sol 38: /// @dev Anyone can call this, whitelisting is handled in FlywheelCore
File: BoostAggregator.sol 48: mapping(address => bool) public whitelistedAddresses; 78: /// whitelisted addresses to retrieve NFTs incorrectly sent to this contract 82: onlyWhitelisted(from) 143: function addWhitelistedAddress(address user) external onlyOwner { 144: whitelistedAddresses[user] = true; 148: function removeWhitelistedAddress(address user) external onlyOwner { 149: delete whitelistedAddresses[user]; 188: /// @dev Only whitelisted addresses 190: modifier onlyWhitelisted(address from) { 191: if (!whitelistedAddresses[from]) revert Unauthorized();
File: IBoostAggregator.sol 47: /// @notice mapping of whitelisted addresses 48: function whitelistedAddresses(address) external view returns (bool); 81: * @notice add whitelisted address to stake using this contract 84: function addWhitelistedAddress(address user) external; 87: * @notice remove whitelisted address from staking using this contract 90: function removeWhitelistedAddress(address user) external;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L47
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L48
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L81
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L84
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L87
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L90
File: BranchPort.sol 56: /// @notice List of Tokens whitelisted for usage in Port Strategies.
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L56
</details>File: IPortStrategy.sol 9: * whitelisted by the chain's Branch Port to manage a limited amount
== true or == false checksThere is no need to verify that == true or == false when the variable checked upon is a boolean as well.
File: GovernorBravoDelegateMaia.sol 366: require(receipt.hasVoted == false, "GovernorBravo::castVoteInternal: voter already voted");
Instead simply check for variable or !variable
Doing so will significantly increase centralization, but will help to prevent hackers from using stolen tokens
File: bHermesBoost.sol 18: contract bHermesBoost is ERC20Boost, IbHermesUnderlying
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesBoost.sol#L18
File: bHermesGauges.sol 22: contract bHermesGauges is ERC20Gauges, IbHermesUnderlying
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesGauges.sol#L22
File: bHermesVotes.sol 16: contract bHermesVotes is ERC20MultiVotes, IbHermesUnderlying
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/bHermesVotes.sol#L16
File: HERMES.sol 47: contract HERMES is ERC20, Ownable
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/tokens/HERMES.sol#L47
File: Maia.sol 40: contract Maia is ERC20, Ownable
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/Maia.sol#L40
File: ERC20hTokenBranchFactory.sol 11: contract ERC20hTokenBranchFactory is Ownable, IERC20hTokenBranchFactory
File: ERC20hTokenRootFactory.sol 12: contract ERC20hTokenRootFactory is Ownable, IERC20hTokenRootFactory
File: ERC20hTokenBranch.sol 11: contract ERC20hTokenBranch is ERC20, Ownable, IERC20hTokenBranch
</details>File: ERC20hTokenRoot.sol 12: contract ERC20hTokenRoot is ERC20, IERC20hTokenRoot
Consider using the same approach throughout the codebase to improve the consistency of the code.
File: ERC20Boost.sol 118: revert InvalidGauge(); 267: revert InvalidGauge(); 279: revert InvalidGauge(); 122: if (!_userGauges[user].add(msg.sender)) revert GaugeAlreadyAttached(); 267: if (gauge == address(0) || !(newAdd || previouslyDeprecated)) revert InvalidGauge(); 279: if (!_deprecatedGauges.add(gauge)) revert InvalidGauge(); 342: if (freeGaugeBoost(user) < amount) revert AttachedBoost();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L118
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L267
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L279
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L122
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L267
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L279
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L342
File: ERC20Gauges.sol 29: if (_incrementFreezeWindow >= _gaugeCycleLength) revert IncrementFreezeError(); 203: if (!_gauges.contains(gauge) || _deprecatedGauges.contains(gauge)) revert InvalidGaugeError(); 205: if (cycle - block.timestamp <= incrementFreezeWindow) revert IncrementFreezeError(); 212: revert MaxGaugeError(); 236: if (newUserWeight > getVotes(user)) revert OverWeightError(); 251: if (weights.length != size) revert SizeMismatchError(); 328: if (weights.length != size) revert SizeMismatchError(); 293: if (!_gauges.contains(gauge)) revert InvalidGaugeError(); 251: if (weights.length != size) revert SizeMismatchError(); 328: if (weights.length != size) revert SizeMismatchError(); 411: if (gauge == address(0) || !(newAdd || previouslyDeprecated)) revert InvalidGaugeError(); 435: if (!_deprecatedGauges.add(gauge)) revert InvalidGaugeError();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L29
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L203
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L205
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L236
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L251
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L328
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L293
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L251
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L328
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L411
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L435
File: ERC20MultiVotes.sol 59: if (blockNumber >= block.number) revert BlockError(); 165: if (count > 1) revert DelegationError(); 191: if (delegatee == address(0) || free < amount || amount == 0) revert DelegationError(); 165: revert DelegationError(); 191: revert DelegationError(); 196: revert DelegationError(); 220: if (userUnusedVotes(delegatee) < amount) revert UndelegationVoteError(); 351: if ((userFreeVotes + totalFreed) < votes) revert UndelegationVoteError(); 364: require(block.timestamp <= expiry, "ERC20MultiVotes: signature expired"); 375: require(nonce == nonces[signer]++, "ERC20MultiVotes: invalid nonce");
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L59
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L165
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L191
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L165
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L191
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L196
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L220
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L351
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L364
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L375
File: ERC4626MultiToken.sol 48: if (length != _assets.length || length == 0) revert InvalidLength(); 100: require((shares = previewDeposit(assetsAmounts)) != 0, "ZERO_SHARES"); 172: if (assetsAmounts[i] == 0) revert ZeroAssets(); 198: if (length != assets.length) revert InvalidLength(); 248: if (length != assets.length) revert InvalidLength(); 198: if (length != assets.length) revert InvalidLength(); 248: if (length != assets.length) revert InvalidLength();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L48
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L100
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L172
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L198
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L248
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L198
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L248
File: UlyssesERC4626.sol 27: if (ERC20(_asset).decimals() != 18) revert InvalidAssetDecimals(); 40: require(shares != 0, "ZERO_SHARES"); 50: require(assets != 0, "ZERO_ASSETS"); 75: require(assets != 0, "ZERO_ASSETS"); 50: require(assets != 0, "ZERO_ASSETS"); 75: require(assets != 0, "ZERO_ASSETS");
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L27
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L40
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L50
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L75
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L50
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L75
File: FlywheelGaugeRewards.sol 83: if (currentCycle <= lastCycle) revert CycleError(); 118: if (currentCycle <= lastCycle) revert CycleError(); 83: if (currentCycle <= lastCycle) revert CycleError(); 118: if (currentCycle <= lastCycle) revert CycleError(); 174: if (size == 0) revert EmptyGaugesError();
File: TalosBaseStrategy.sol 108: if (initialized) revert AlreadyInitialized(); 151: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 212: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 273: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 335: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 158: if (totalSupply > optimizer.maxTotalSupply()) revert ExceedingMaxTotalSupply(); 219: if (totalSupply > optimizer.maxTotalSupply()) revert ExceedingMaxTotalSupply(); 151: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 212: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 273: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 335: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 158: if (totalSupply > optimizer.maxTotalSupply()) revert ExceedingMaxTotalSupply(); 219: if (totalSupply > optimizer.maxTotalSupply()) revert ExceedingMaxTotalSupply(); 252: if (shares == 0) revert RedeemingZeroShares(); 253: if (receiver == address(0)) revert ReceiverIsZeroAddress(); 151: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 212: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 273: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 335: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 334: if (msg.sender != address(pool)) revert CallerIsNotPool(); 151: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 212: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 273: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 335: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 399: revert Token0AmountIsBiggerThanProtocolFees(); 402: revert Token1AmountIsBiggerThanProtocolFees(); 431: if (msg.sender != strategyManager) revert NotStrategyManager();
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L108
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L151
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L335
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L158
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L219
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L151
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L335
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L158
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L219
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L252
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L253
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L151
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L335
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L334
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L151
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L335
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L399
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L402
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L431
File: UlyssesPool.sol 160: if (weight == 0) revert InvalidWeight(); 224: if (weight == 0) revert InvalidWeight(); 165: if (destinationIds[address(destination)] != 0 || destinationId == id) revert InvalidPool(); 167: if (destinationId == 0) revert NotUlyssesLP(); 171: if (index > MAX_DESTINATIONS) revert TooManyDestinations(); 185: if (newTotalWeights > MAX_TOTAL_WEIGHT) revert InvalidWeight(); 160: if (weight == 0) revert InvalidWeight(); 224: if (weight == 0) revert InvalidWeight(); 228: if (poolIndex == 0) revert NotUlyssesLP(); 160: revert InvalidWeight(); 185: revert InvalidWeight(); 224: revert InvalidWeight(); 244: revert InvalidWeight(); 310: if (_fees.lambda1 > MAX_LAMBDA1) revert InvalidFee(); 312: if (_fees.lambda1 + _fees.lambda2 != DIVISIONER / 2) revert InvalidFee(); 315: if (_fees.sigma1 > DIVISIONER) revert InvalidFee(); 317: if (_fees.sigma1 <= _fees.sigma2 || _fees.sigma2 < MIN_SIGMA2) revert InvalidFee(); 324: if (msg.sender != factory.owner()) revert Unauthorized(); 327: if (_protocolFee > MAX_PROTOCOL_FEE) revert InvalidFee();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L160
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L224
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L165
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L167
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L171
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L185
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L160
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L224
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L228
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L160
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L185
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L224
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L244
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L310
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L312
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L315
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L317
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L324
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L327
File: UlyssesToken.sol 45: if (assetId[asset] != 0) revert AssetAlreadyAdded(); 66: if (newAssetsLength == 0) revert CannotRemoveLastAsset(); 89: if (_weights.length != assets.length) revert InvalidWeightsLength();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L45
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L66
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L89
File: UlyssesFactory.sol 61: require(_owner != address(0), "Owner cannot be 0"); 84: if (address(asset) == address(0)) revert InvalidAsset(); 97: if (length != weights.length) revert ParameterLengthError(); 108: if (length != weights[i].length) revert ParameterLengthError(); 148: if (destination == address(0)) revert InvalidPoolId();
File: ArbitrumBranchPort.sol 34: require(_rootPortAddress != address(0), "Root Port Address cannot be 0"); 50: if (globalToken == address(0)) revert UnknownUnderlyingToken(); 63: revert UnknownToken(); 68: if (underlyingAddress == address(0)) revert UnknownUnderlyingToken();
File: BaseBranchRouter.sol 38: require(_localBridgeAgentAddress != address(0), "Bridge Agent address cannot be 0"); 139: if (msg.sender != bridgeAgentExecutorAddress) revert UnrecognizedBridgeAgentExecutor();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BaseBranchRouter.sol#L38
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BaseBranchRouter.sol#L139
File: BranchBridgeAgent.sol 151: require(_rootBridgeAgentAddress != address(0), "Root Bridge Agent Address cannot be the zero address."); 152: require(_localAnyCallAddress != address(0), "AnyCall Address cannot be the zero address."); 153: require(_localAnyCallExecutorAddress != address(0), "AnyCall Executor Address cannot be the zero address."); 154: require(_localRouterAddress != address(0), "Local Router Address cannot be the zero address."); 155: require(_localPortAddress != address(0), "Local Port Address cannot be the zero address."); 327: if (getDeposit[_depositNonce].owner != msg.sender) revert NotDepositOwner(); 453: revert DepositRedeemUnavailable(); 816: ) revert InvalidInput(); 1375: if (msg.sender != bridgeAgentExecutorAddress) revert UnrecognizedBridgeAgentExecutor(); 1387: if (msg.sender != localAnyCallExecutorAddress) revert AnycallUnauthorizedCaller(); 1389: if (from != rootBridgeAgentAddress) revert AnycallUnauthorizedCaller(); 1400: if (msg.sender != localRouterAddress) revert UnrecognizedCallerNotRouter(); 1411: if (msg.value <= MIN_FALLBACK_RESERVE * tx.gasprice) revert InsufficientGas(); 1416: if (_depositedGas <= MIN_FALLBACK_RESERVE * tx.gasprice) revert InsufficientGas();
File: BranchPort.sol 95: require(_owner != address(0), "Owner is zero address"); 100: require(coreBranchRouterAddress == address(0), "Contract already initialized"); 101: require(!isBridgeAgentFactory[_bridgeAgentFactory], "Contract already initialized"); 103: require(_coreBranchRouter != address(0), "CoreBranchRouter is zero address"); 104: require(_bridgeAgentFactory != address(0), "BridgeAgentFactory is zero address"); 159: if (_amount > _excessReserves(_token)) revert InsufficientReserves(); 173: if (!isStrategyToken[_token]) revert UnrecognizedStrategyToken(); 353: if (!isStrategyToken[_token]) revert UnrecognizedStrategyToken(); 174: if (!isPortStrategy[_strategy][_token]) revert UnrecognizedPortStrategy(); 302: require(coreBranchRouterAddress != address(0), "CoreRouter address is zero"); 303: require(_newCoreRouter != address(0), "New CoreRouter address is zero"); 332: if (_minimumReservesRatio >= DIVISIONER) revert InvalidMinimumReservesRatio(); 173: if (!isStrategyToken[_token]) revert UnrecognizedStrategyToken(); 353: if (!isStrategyToken[_token]) revert UnrecognizedStrategyToken(); 398: if (msg.sender != coreBranchRouterAddress) revert UnrecognizedCore(); 404: if (!isBridgeAgent[msg.sender]) revert UnrecognizedBridgeAgent(); 410: if (!isBridgeAgentFactory[msg.sender]) revert UnrecognizedBridgeAgentFactory(); 416: if (!isPortStrategy[msg.sender][_token]) revert UnrecognizedPortStrategy();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L95
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L100
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L101
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L103
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L104
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L159
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L173
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L353
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L174
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L302
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L303
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L332
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L173
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L353
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L398
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L404
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L410
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L416
File: CoreRootRouter.sol 91: revert UnauthorizedCallerNotManager(); 95: if (!IPort(rootPortAddress).isChainId(_toChain)) revert InvalidChainId(); 98: if (IBridgeAgent(_rootBridgeAgent).getBranchBridgeAgent(_toChain) != address(0)) revert InvalidChainId(); 101: if (!IBridgeAgent(_rootBridgeAgent).isBranchBridgeAgentAllowed(_toChain)) revert UnauthorizedChainId(); 146: if (_toChain == rootChainId) revert InvalidChainId(); 149: revert UnrecognizedGlobalToken(); 154: revert TokenAlreadyAdded(); 190: revert TokenAlreadyAdded(); 210: revert TokenAlreadyAdded(); 190: ) revert TokenAlreadyAdded(); 210: ) revert TokenAlreadyAdded(); 210: if (IPort(rootPortAddress).isLocalToken(_localAddress, _toChain)) revert TokenAlreadyAdded(); 234: revert UnrecognizedBridgeAgentFactory(); 453: if (msg.sender != bridgeAgentExecutorAddress) revert UnrecognizedBridgeAgentExecutor();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L91
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L95
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L98
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L101
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L146
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L149
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L154
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L190
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L210
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L190
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L210
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L210
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L234
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L453
File: RootBridgeAgent.sol 210: require(address(_wrappedNativeToken) != address(0), "Wrapped native token cannot be zero address"); 211: require(_daoAddress != address(0), "DAO cannot be zero address"); 212: require(_localAnyCallAddress != address(0), "Anycall Address cannot be zero address"); 213: require(_localAnyCallExecutorAddress != address(0), "Anycall Executor Address cannot be zero address"); 214: require(_localPortAddress != address(0), "Port Address cannot be zero address"); 215: require(_localRouterAddress != address(0), "Router Address cannot be zero address"); 261: revert SettlementRedeemUnavailable(); 265: revert NotSettlementOwner(); 302: revert InvalidInputParams(); 347: revert InvalidInputParams(); 390: revert InvalidInputParams(); 397: revert InvalidInputParams(); 347: if (hTokens[i] == address(0) || (tokens[i] == address(0) && _deposits[i] > 0)) revert InvalidInputParams(); 302: revert InvalidInputParams(); 347: revert InvalidInputParams(); 390: revert InvalidInputParams(); 397: revert InvalidInputParams(); 397: if (globalAddress == address(0)) revert InvalidInputParams(); 453: if (_localAddress == address(0)) revert UnrecognizedLocalAddress(); 459: if (_underlyingAddress == address(0)) revert UnrecognizedUnderlyingAddress(); 461: revert InsufficientBalanceForSettlement(); 647: if (!approvedGasPool[msg.sender]) revert CallerIsNotPool(); 648: if (amount0 == 0 && amount1 == 0) revert AmountsAreZero(); 665: if (gasTokenGlobalAddress == address(0) || poolAddress == address(0)) revert InvalidGasPool(); 709: if (gasTokenGlobalAddress == address(0) || poolAddress == address(0)) revert InvalidGasPool(); 665: if (gasTokenGlobalAddress == address(0) || poolAddress == address(0)) revert InvalidGasPool(); 709: if (gasTokenGlobalAddress == address(0) || poolAddress == address(0)) revert InvalidGasPool(); 758: if (userFeeInfo.gasToBridgeOut <= MIN_FALLBACK_RESERVE * tx.gasprice) revert InsufficientGasForFees(); 761: if (msg.value <= MIN_FALLBACK_RESERVE * tx.gasprice) revert InsufficientGasForFees(); 778: if (callee == address(0)) revert UnrecognizedBridgeAgent(); 1234: if (initialGas == 0) revert GasErrorOrRepeatedTx(); 1249: if (getBranchBridgeAgent[_branchChainId] != address(0)) revert AlreadyAddedBridgeAgent(); 1260: if (msg.sender != daoAddress) revert NotDao(); 1290: if (msg.sender != localAnyCallExecutorAddress) revert AnycallUnauthorizedCaller(); 1292: if (getBranchBridgeAgent[fromChainId] != from) revert AnycallUnauthorizedCaller(); 1303: if (msg.sender != localRouterAddress) revert UnrecognizedCallerNotRouter(); 1308: if (msg.sender != bridgeAgentExecutorAddress) revert UnrecognizedExecutor(); 1308: revert UnrecognizedExecutor(); 1315: revert UnrecognizedExecutor(); 1322: if (msg.sender != localPortAddress) revert UnrecognizedPort(); 1329: revert UnrecognizedBridgeAgentManager();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L210
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L211
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L213
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L214
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L215
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L261
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L265
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L302
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L347
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L390
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L397
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L347
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L302
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L347
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L390
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L397
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L397
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L453
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L459
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L461
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L647
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L648
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L665
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L709
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L665
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L709
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L758
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L761
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L778
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1234
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1249
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1260
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1290
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1292
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1303
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1308
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1308
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1315
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1322
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1329
File: RootPort.sol 115: require(_wrappedNativeToken != address(0), "Invalid wrapped native token address."); 129: require(_setup, "Setup ended."); 145: require(_setup, "Setup ended."); 130: require(_bridgeAgentFactory != address(0), "Bridge Agent Factory cannot be 0 address."); 131: require(_coreRootRouter != address(0), "Core Root Router cannot be 0 address."); 129: require(_setup, "Setup ended."); 145: require(_setup, "Setup ended."); 146: require(isBridgeAgent[_coreRootBridgeAgent], "Core Bridge Agent doesn't exist."); 147: require(_coreRootBridgeAgent != address(0), "Core Root Bridge Agent cannot be 0 address."); 148: require(_coreLocalBranchBridgeAgent != address(0), "Core Local Branch Bridge Agent cannot be 0 address."); 149: require(_localBranchPortAddress != address(0), "Local Branch Port Address cannot be 0 address."); 159: require(_owner != address(0), "Owner cannot be 0 address."); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 280: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 294: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 300: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 309: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 318: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 330: if (!isGlobalAddress[_hToken]) revert UnrecognizedToken(); 367: if (isBridgeAgent[_bridgeAgent]) revert AlreadyAddedBridgeAgent(); 367: revert AlreadyAddedBridgeAgent(); 384: revert AlreadyAddedBridgeAgent(); 387: revert BridgeAgentNotAllowed(); 492: if (isGlobalAddress[_ecoTokenGlobalAddress]) revert AlreadyAddedEcosystemToken(); 492: ) revert AlreadyAddedEcosystemToken(); 496: ) revert AlreadyAddedEcosystemToken(); 511: if (!isBridgeAgentFactory[msg.sender]) revert UnrecognizedBridgeAgentFactory(); 517: if (!isBridgeAgent[msg.sender]) revert UnrecognizedBridgeAgent(); 523: if (!(msg.sender == coreRootRouterAddress)) revert UnrecognizedCoreRootRouter(); 529: if (!(msg.sender == localBranchPortAddress)) revert UnrecognizedLocalBranchPort();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L129
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L145
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L130
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L129
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L145
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L146
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L147
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L149
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L159
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L280
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L294
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L300
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L309
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L318
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L367
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L367
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L384
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L387
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L492
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L492
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L496
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L511
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L517
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L523
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L529
File: ERC20hTokenBranchFactory.sol 28: require(_localPortAddress != address(0), "Port address cannot be 0"); 36: require(_coreRouter != address(0), "CoreRouter address cannot be 0"); 76: if (msg.sender != localCoreRouterAddress) revert UnrecognizedCoreRouter(); 82: if (msg.sender != localPortAddress) revert UnrecognizedPort();
File: ERC20hTokenRootFactory.sol 34: require(_rootPortAddress != address(0), "Root Port Address cannot be 0"); 41: require(_coreRouter != address(0), "CoreRouter address cannot be 0"); 76: revert UnrecognizedCoreRouter();
</details>File: ERC20hTokenRoot.sol 45: require(_rootPortAddress != address(0), "Root Port Address cannot be 0"); 46: require(_factoryAddress != address(0), "Factory Address cannot be 0"); 58: if (msg.sender != rootPortAddress) revert UnrecognizedPort();
require()/revert() Checks Should Be Refactored To A Modifier Or FunctionSaves deployment costs
File: ERC20Boost.sol 191: require(_userGauges[msg.sender].remove(gauge)); 213: require(_userGauges[msg.sender].remove(gauge)); 239: require(_userGauges[msg.sender].remove(gauge));
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L191
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L213
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L239
File: UlyssesERC4626.sol 50: require(assets != 0, "ZERO_ASSETS"); 75: require(assets != 0, "ZERO_ASSETS");
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L50
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L75
File: CoreRootRouter.sol 386: revert(); 396: revert(); 407: revert(); 418: revert(); 428: revert();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L386
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L396
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L407
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L418
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L428
File: MulticallRootRouter.sol 172: revert(); 245: revert(); 255: revert();
File: RootPort.sol 129: require(_setup, "Setup ended."); 145: require(_setup, "Setup ended.");
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L129
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L145
</details>else-block not requiredOne level of nesting can be removed by not having an else block when the if-block returns, and if (foo) { return 1; } else { return 2; } becomes if (foo) { return 1; } return 2;
File: GovernorBravoDelegateMaia.sol 314: } else if (block.timestamp >= add256(proposal.eta, timelock.GRACE_PERIOD())) { return ProposalState.Expired; } else { return ProposalState.Queued; }
File: UlyssesPool.sol 138: if (balance > assets) { return balance - assets; } else { return 0; }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L138
The following functions are missing critical parameters when emitting an event.
When dealing with source address which uses the value of msg.sender, the msg.sender value must be specified in every transaction, a contract or web page listening to events cannot react to users, emit does not serve the purpose. Basically, this event cannot be used.
File: ERC20Boost.sol function attach(address user) external { if (!_gauges.contains(msg.sender) || _deprecatedGauges.contains(msg.sender)) { revert InvalidGauge(); } if (!_userGauges[user].add(msg.sender)) revert GaugeAlreadyAttached(); uint128 userGaugeBoost = balanceOf[user].toUint128(); if (getUserBoost[user] < userGaugeBoost) { getUserBoost[user] = userGaugeBoost; emit UpdateUserBoost(user, userGaugeBoost); } getUserGaugeBoost[user][msg.sender] = GaugeState({userGaugeBoost: userGaugeBoost, totalGaugeBoost: totalSupply.toUint128()}); emit Attach(user, msg.sender, userGaugeBoost); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L128
File: GovernorBravoDelegateMaia.sol function cancel(uint256 proposalId) external { require(state(proposalId) != ProposalState.Executed, "GovernorBravo::cancel: cannot cancel executed proposal"); Proposal storage proposal = proposals[proposalId]; if (msg.sender != proposal.proposer && msg.sender != admin) { if (isWhitelisted(proposal.proposer)) { require( (govToken.getPriorVotes(proposal.proposer, sub256(block.number, 1)) < getProposalThresholdAmount()) && msg.sender == whitelistGuardian, "GovernorBravo::cancel: whitelisted proposer" ); } else { require( (govToken.getPriorVotes(proposal.proposer, sub256(block.number, 1)) < getProposalThresholdAmount()), "GovernorBravo::cancel: proposer above threshold" ); } } proposal.canceled = true; for (uint256 i = 0; i < proposal.targets.length; i++) { timelock.cancelTransaction( proposal.targets[i], proposal.values[i], proposal.signatures[i], proposal.calldatas[i], proposal.eta ); } emit ProposalCanceled(proposalId); }
File: GovernorBravoDelegateMaia.sol function _setVotingDelay(uint256 newVotingDelay) external { require(msg.sender == admin, "GovernorBravo::_setVotingDelay: admin only"); require( newVotingDelay >= MIN_VOTING_DELAY && newVotingDelay <= MAX_VOTING_DELAY, "GovernorBravo::_setVotingDelay: invalid voting delay" ); uint256 oldVotingDelay = votingDelay; votingDelay = newVotingDelay; emit VotingDelaySet(oldVotingDelay, votingDelay); }
File: GovernorBravoDelegateMaia.sol function _setVotingPeriod(uint256 newVotingPeriod) external { require(msg.sender == admin, "GovernorBravo::_setVotingPeriod: admin only"); require( newVotingPeriod >= MIN_VOTING_PERIOD && newVotingPeriod <= MAX_VOTING_PERIOD, "GovernorBravo::_setVotingPeriod: invalid voting period" ); uint256 oldVotingPeriod = votingPeriod; votingPeriod = newVotingPeriod; emit VotingPeriodSet(oldVotingPeriod, votingPeriod); }
File: GovernorBravoDelegateMaia.sol function _setProposalThreshold(uint256 newProposalThreshold) external { require(msg.sender == admin, "GovernorBravo::_setProposalThreshold: admin only"); require( newProposalThreshold >= MIN_PROPOSAL_THRESHOLD && newProposalThreshold <= MAX_PROPOSAL_THRESHOLD, "GovernorBravo::_setProposalThreshold: invalid proposal threshold" ); uint256 oldProposalThreshold = proposalThreshold; proposalThreshold = newProposalThreshold; emit ProposalThresholdSet(oldProposalThreshold, proposalThreshold); }
File: GovernorBravoDelegateMaia.sol function _setWhitelistAccountExpiration(address account, uint256 expiration) external { require( msg.sender == admin || msg.sender == whitelistGuardian, "GovernorBravo::_setWhitelistAccountExpiration: admin only" ); whitelistAccountExpirations[account] = expiration; emit WhitelistAccountExpirationSet(account, expiration); }
File: GovernorBravoDelegateMaia.sol function _setWhitelistGuardian(address account) external { require(msg.sender == admin, "GovernorBravo::_setWhitelistGuardian: admin only"); address oldGuardian = whitelistGuardian; whitelistGuardian = account; emit WhitelistGuardianSet(oldGuardian, whitelistGuardian); }
File: GovernorBravoDelegateMaia.sol function _setPendingAdmin(address newPendingAdmin) external { require(msg.sender == admin, "GovernorBravo:_setPendingAdmin: admin only"); address oldPendingAdmin = pendingAdmin; pendingAdmin = newPendingAdmin; emit NewPendingAdmin(oldPendingAdmin, newPendingAdmin); }
File: GovernorBravoDelegateMaia.sol function _acceptAdmin() external { require( msg.sender == pendingAdmin && msg.sender != address(0), "GovernorBravo:_acceptAdmin: pending admin only" ); address oldAdmin = admin; address oldPendingAdmin = pendingAdmin; admin = pendingAdmin; pendingAdmin = address(0); emit NewAdmin(oldAdmin, admin); emit NewPendingAdmin(oldPendingAdmin, pendingAdmin); }
File: GovernorBravoDelegator.sol function _setImplementation(address implementation_) public { require(msg.sender == admin, "GovernorBravoDelegator::_setImplementation: admin only"); require( implementation_ != address(0), "GovernorBravoDelegator::_setImplementation: invalid implementation address" ); address oldImplementation = implementation; implementation = implementation_; emit NewImplementation(oldImplementation, implementation); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L50
File: GovernorBravoDelegator.sol function _setImplementation(address implementation_) public { require(msg.sender == admin, "GovernorBravoDelegator::_setImplementation: admin only"); require( implementation_ != address(0), "GovernorBravoDelegator::_setImplementation: invalid implementation address" ); address oldImplementation = implementation; implementation = implementation_; emit NewImplementation(oldImplementation, implementation); }
File: UlyssesToken.sol function removeAsset(address asset) external nonReentrant onlyOwner { uint256 assetIndex = assetId[asset] - 1; uint256 newAssetsLength = assets.length - 1; if (newAssetsLength == 0) revert CannotRemoveLastAsset(); totalWeights -= weights[assetIndex]; address lastAsset = assets[newAssetsLength]; assetId[lastAsset] = assetIndex; assets[assetIndex] = lastAsset; weights[assetIndex] = weights[newAssetsLength]; assets.pop(); weights.pop(); assetId[asset] = 0; emit AssetRemoved(asset); updateAssetBalances(); asset.safeTransfer(msg.sender, asset.balanceOf(address(this))); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L80
File: RootBridgeAgent.sol function anyExecute(bytes calldata data) external virtual requiresExecutor returns (bool success, bytes memory result) { uint256 _initialGas = gasleft(); uint24 fromChainId; UserFeeInfo memory _userFeeInfo; if (localAnyCallExecutorAddress == msg.sender) { initialGas = _initialGas; (, uint256 _fromChainId) = _getContext(); fromChainId = _fromChainId.toUint24(); _userFeeInfo.depositedGas = _gasSwapIn( uint256(uint128(bytes16(data[data.length - PARAMS_GAS_IN:data.length - PARAMS_GAS_OUT]))), fromChainId ).toUint128(); _userFeeInfo.gasToBridgeOut = uint128(bytes16(data[data.length - PARAMS_GAS_OUT:data.length])); } else { fromChainId = localChainId; _userFeeInfo.depositedGas = uint128(bytes16(data[data.length - 32:data.length - 16])); _userFeeInfo.gasToBridgeOut = _userFeeInfo.depositedGas; } if (_userFeeInfo.depositedGas < _userFeeInfo.gasToBridgeOut) { _forceRevert(); return (true, "Not enough gas to bridge out"); } userFeeInfo = _userFeeInfo; bytes1 flag = data[0]; if (flag == 0x00) { uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeSystemRequest( localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { (success, result) = (false, reason); } executionHistory[fromChainId][nonce] = true; } else if (flag == 0x01) { uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeNoDeposit( localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { (success, result) = (true, reason); } executionHistory[fromChainId][nonce] = true; } else if (flag == 0x02) { uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeWithDeposit( localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { result = reason; } executionHistory[fromChainId][nonce] = true; } else if (flag == 0x03) { uint32 nonce = uint32(bytes4(data[2:6])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeWithDepositMultiple( localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { result = reason; } executionHistory[fromChainId][nonce] = true; } else if (flag == 0x04) { uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } VirtualAccount userAccount = IPort(localPortAddress).fetchVirtualAccount( address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) ); IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeSignedNoDeposit( address(userAccount), localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { (success, result) = (true, reason); } IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); executionHistory[fromChainId][nonce] = true; } else if (flag == 0x05) { uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } VirtualAccount userAccount = IPort(localPortAddress).fetchVirtualAccount( address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) ); IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeSignedWithDeposit( address(userAccount), localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { result = reason; } IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); executionHistory[fromChainId][nonce] = true; } else if (flag == 0x06) { uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } VirtualAccount userAccount = IPort(localPortAddress).fetchVirtualAccount( address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) ); IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeSignedWithDepositMultiple( address(userAccount), localRouterAddress, data, fromChainId ) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { result = reason; } IPort(localPortAddress).toggleVirtualAccountApproved(userAccount, localRouterAddress); executionHistory[fromChainId][nonce] = true; } else if (flag == 0x07) { uint32 nonce = uint32(bytes4(data[1:5])); if (executionHistory[fromChainId][nonce]) { _forceRevert(); return (true, "already executed tx"); } try RootBridgeAgentExecutor(bridgeAgentExecutorAddress).executeRetrySettlement(uint32(bytes4(data[5:9]))) returns (bool, bytes memory res) { (success, result) = (true, res); } catch (bytes memory reason) { result = reason; } executionHistory[fromChainId][nonce] = true; } else if (flag == 0x08) { uint32 nonce = uint32(bytes4(data[1:5])); if (!executionHistory[fromChainId][uint32(bytes4(data[1:5]))]) { executionHistory[fromChainId][nonce] = true; (success, result) = (false, ""); } else { _forceRevert(); return (true, "already executed tx"); } } else { if (initialGas > 0) { _payExecutionGas(userFeeInfo.depositedGas, userFeeInfo.gasToBridgeOut, _initialGas, fromChainId); } return (false, "unknown selector"); } emit LogCallin(flag, data, fromChainId); if (initialGas > 0) { _payExecutionGas(userFeeInfo.depositedGas, userFeeInfo.gasToBridgeOut, _initialGas, fromChainId); } }
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1168
File: UniswapV3Staker.sol function createIncentiveFromGauge(uint256 reward) external { if (reward <= 0) revert IncentiveRewardMustBePositive(); uint96 startTime = IncentiveTime.computeEnd(block.timestamp); IUniswapV3Pool pool = gaugePool[msg.sender]; if (address(pool) == address(0)) revert IncentiveCallerMustBeRegisteredGauge(); IncentiveKey memory key = IncentiveKey({startTime: startTime, pool: pool}); bytes32 incentiveId = IncentiveId.compute(key); incentives[incentiveId].totalRewardUnclaimed += reward; hermes.safeTransferFrom(msg.sender, address(this), reward); emit IncentiveCreated(pool, startTime, reward); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L153
File: UniswapV3Staker.sol function createIncentive(IncentiveKey memory key, uint256 reward) external { if (reward <= 0) revert IncentiveRewardMustBePositive(); uint96 startTime = IncentiveTime.computeStart(key.startTime); if (startTime != key.startTime) revert IncentiveStartTimeNotAtEndOfAnEpoch(); if (startTime <= block.timestamp) revert IncentiveStartTimeMustBeNowOrInTheFuture(); if (startTime - block.timestamp > maxIncentiveStartLeadTime) { revert IncentiveStartTimeTooFarIntoFuture(); } if (address(gauges[key.pool]) == address(0)) { revert IncentiveCannotBeCreatedForPoolWithNoGauge(); } bytes32 incentiveId = IncentiveId.compute(key); incentives[incentiveId].totalRewardUnclaimed += reward; hermes.safeTransferFrom(msg.sender, address(this), reward); emit IncentiveCreated(key.pool, startTime, reward); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L179
File: UniswapV3Staker.sol function onERC721Received(address, address from, uint256 tokenId, bytes calldata) external override returns (bytes4) { INonfungiblePositionManager _nonfungiblePositionManager = nonfungiblePositionManager; if (msg.sender != address(_nonfungiblePositionManager)) revert TokenNotUniswapV3NFT(); (IUniswapV3Pool pool, int24 tickLower, int24 tickUpper, uint128 liquidity) = NFTPositionInfo.getPositionInfo(factory, nonfungiblePositionManager, tokenId); deposits[tokenId] = Deposit({owner: from, tickLower: tickLower, tickUpper: tickUpper, stakedTimestamp: 0}); emit DepositTransferred(tokenId, address(0), from); _stakeToken(tokenId, pool, tickLower, tickUpper, liquidity); return this.onERC721Received.selector; }
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L230
File: UniswapV3Staker.sol function claimReward(address to, uint256 amountRequested) external returns (uint256 reward) { reward = rewards[msg.sender]; if (amountRequested != 0 && amountRequested < reward) { reward = amountRequested; rewards[msg.sender] -= reward; } else { rewards[msg.sender] = 0; } if (reward > 0) hermes.safeTransfer(to, reward); emit RewardClaimed(to, reward); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L283
File: UniswapV3Staker.sol function _unstakeToken(IncentiveKey memory key, uint256 tokenId, bool isNotRestake) private { Deposit storage deposit = deposits[tokenId]; (uint96 endTime, uint256 stakedDuration) = IncentiveTime.getEndAndDuration(key.startTime, deposit.stakedTimestamp, block.timestamp); address owner = deposit.owner; if ((isNotRestake || block.timestamp < endTime) && owner != msg.sender) revert NotCalledByOwner(); { address bribeAddress = bribeDepots[key.pool]; if (bribeAddress != address(0)) { nonfungiblePositionManager.collect( INonfungiblePositionManager.CollectParams({ tokenId: tokenId, recipient: bribeAddress, amount0Max: type(uint128).max, amount1Max: type(uint128).max }) ); } } bytes32 incentiveId = IncentiveId.compute(key); uint160 secondsInsideX128; uint128 liquidity; { uint128 boostAmount; uint128 boostTotalSupply; UniswapV3Gauge gauge = gauges[key.pool]; if (hermesGaugeBoost.isUserGauge(owner, address(gauge)) && _userAttachements[owner][key.pool] == tokenId) { (boostAmount, boostTotalSupply) = hermesGaugeBoost.getUserGaugeBoost(owner, address(gauge)); gauge.detachUser(owner); _userAttachements[owner][key.pool] = 0; } uint160 secondsPerLiquidityInsideInitialX128; (secondsPerLiquidityInsideInitialX128, liquidity) = stakes(tokenId, incentiveId); if (liquidity == 0) revert TokenNotStaked(); (, uint160 secondsPerLiquidityInsideX128,) = key.pool.snapshotCumulativesInside(deposit.tickLower, deposit.tickUpper); secondsInsideX128 = RewardMath.computeBoostedSecondsInsideX128( stakedDuration, liquidity, uint128(boostAmount), uint128(boostTotalSupply), secondsPerLiquidityInsideInitialX128, secondsPerLiquidityInsideX128 ); } deposit.stakedTimestamp = 0; Incentive storage incentive = incentives[incentiveId]; incentive.numberOfStakes--; uint256 reward = RewardMath.computeBoostedRewardAmount( incentive.totalRewardUnclaimed, incentive.totalSecondsClaimedX128, key.startTime, endTime, secondsInsideX128, block.timestamp ); unchecked { incentive.totalSecondsClaimedX128 += secondsInsideX128; incentive.totalRewardUnclaimed -= reward; rewards[owner] += reward; tokenIdRewards[tokenId] += reward; } Stake storage stake = _stakes[tokenId][incentiveId]; stake.secondsPerLiquidityInsideInitialX128 = 0; stake.liquidityNoOverflow = 0; if (liquidity >= type(uint96).max) stake.liquidityIfOverflow = 0; delete stakedIncentiveKey[tokenId]; emit TokenUnstaked(tokenId, incentiveId); }
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L458
</details>Add msg.sender parameter in event-emit
delete to Clear Variablesdelete a assigns the initial value for the type to a. i.e. for integers it is equivalent to a = 0, but it can also be used on arrays, where it assigns a dynamic array of length zero or a static array of the same length with all elements reset. For structs, it assigns a struct with all members reset. Similarly, it can also be used to set an address to zero address. It has no effect on whole mappings though (as the keys of mappings may be arbitrary and are generally unknown). However, individual keys and what they map to can be deleted: If a is a mapping, then delete a[x] will delete the value stored at x.
The delete key better conveys the intention and is also more idiomatic. Consider replacing assignments of zero with delete statements.
File: ERC20Boost.sol 249: getUserBoost[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L249
File: ERC20MultiVotes.sol 340: _delegatesVotesCount[user][delegatee] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L340
File: GovernorBravoDelegateMaia.sol 149: newProposal.eta = 0; 156: newProposal.forVotes = 0; 157: newProposal.againstVotes = 0; 158: newProposal.abstainVotes = 0;
File: BaseV2Minter.sol 165: weekly = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L165
File: FlywheelCore.sol 98: rewardsAccrued[user] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L98
File: FlywheelAcummulatedRewards.sol 55: amount = 0;
File: FlywheelGaugeRewards.sol 100: nextCycleQueuedRewards = 0; 101: paginationOffset = 0;
File: FlywheelGaugeRewards.sol 122: paginationOffset = 0; 145: nextCycleQueuedRewards = 0; 122: paginationOffset = 0;
File: FlywheelGaugeRewards.sol 225: cycleRewardsNext = 0;
File: TalosBaseStrategy.sol 362: liquidity = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L362
File: PoolVariables.sol 211: secondsAgo[1] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L211
File: UlyssesToken.sol 78: assetId[asset] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L78
File: UniswapV3Staker.sol 202: incentive.totalRewardUnclaimed = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L202
File: UniswapV3Staker.sol 268: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L268
File: UniswapV3Staker.sol 279: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L279
File: UniswapV3Staker.sol 406: _userAttachements[owner][key.pool] = 0; 426: deposit.stakedTimestamp = 0; 454: stake.secondsPerLiquidityInsideInitialX128 = 0; 455: stake.liquidityNoOverflow = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L406
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L426
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L454
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L455
</details>Immutables should be in uppercase per naming convention. As shown below, some immutables are named using capital letters and underscores while some are not. For a better code quality, please consider naming these immutables using the same naming convention.
File: UtilityManager.sol 25: bHermesGauges public immutable gaugeWeight; 27: bHermesBoost public immutable gaugeBoost; 29: ERC20Votes public immutable governance;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L25
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L27
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L29
File: ERC4626PartnerManager.sol 31: PartnerManagerFactory public immutable override factory; 34: bHermes public immutable override bHermesToken;
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L31
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L34
File: BaseFlywheelRewards.sol 26: address public immutable override rewardToken; 29: FlywheelCore public immutable override flywheel;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/BaseFlywheelRewards.sol#L26
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/BaseFlywheelRewards.sol#L29
File: SingleRewardsDepot.sol 13: address private immutable asset; 16: address private immutable rewardsContract;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/SingleRewardsDepot.sol#L13
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/SingleRewardsDepot.sol#L16
File: FlywheelGaugeRewards.sol 27: ERC20Gauges public immutable override gaugeToken; 30: IBaseV2Minter public immutable minter; 33: address public immutable override rewardToken; 39: uint32 public immutable override gaugeCycleLength;
File: TalosManager.sol 22: int24 public immutable ticksFromLowerRebalance; 25: int24 public immutable ticksFromUpperRebalance; 28: int24 public immutable ticksFromLowerRerange; 31: int24 public immutable ticksFromUpperRerange; 34: ITalosBaseStrategy public immutable strategy;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L22
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L25
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L28
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L31
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L34
File: TalosStrategyStaked.sol 46: BoostAggregator public immutable override boostAggregator; 49: FlywheelCoreInstant public immutable flywheel;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L46
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L49
File: TalosBaseStrategy.sol 61: ERC20 public immutable override token0; 63: ERC20 public immutable override token1; 65: int24 public immutable override tickSpacing; 67: uint24 public immutable override poolFee; 69: IUniswapV3Pool public immutable override pool; 71: ITalosOptimizer public immutable override optimizer; 73: address public immutable strategyManager; 75: INonfungiblePositionManager public immutable override nonfungiblePositionManager;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L61
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L63
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L65
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L67
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L69
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L71
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L73
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L75
File: BoostAggregator.sol 27: INonfungiblePositionManager public immutable nonfungiblePositionManager; 30: UniswapV3Staker public immutable uniswapV3Staker; 33: bHermesBoost public immutable hermesGaugeBoost; 36: ERC20 public immutable hermes;
File: BoostAggregatorFactory.sol 19: UniswapV3Staker public immutable uniswapV3Staker; 22: ERC20 public immutable hermes;
File: TalosStrategyStakedFactory.sol 26: BoostAggregatorFactory public immutable boostAggregatorFactory; 29: FlywheelCoreInstant public immutable flywheel; 32: FlywheelInstantRewards public immutable rewards;
File: UniswapV3Staker.sol 91: IUniswapV3GaugeFactory public immutable uniswapV3GaugeFactory; 94: IUniswapV3Factory public immutable override factory; 97: INonfungiblePositionManager public immutable override nonfungiblePositionManager; 100: uint256 public immutable override maxIncentiveStartLeadTime; 103: address public immutable minter; 106: address public immutable hermes; 109: bHermesBoost public immutable hermesGaugeBoost;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L91
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L94
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L97
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L100
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L103
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L106
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L109
</details>There is no need to initialize uint variables to zero as their default value is 0
File: ERC20Boost.sol 151: uint256 userBoost = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L151
File: ERC20MultiVotes.sol 67: uint256 low = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L67
File: UniswapV3Staker.sol 456: if (liquidity >= type(uint96).max) stake.liquidityIfOverflow = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L456
The memory-safe annotation (assembly ("memory-safe") { ... }), available starting in Solidity version 0.8.13 is preferred over the comment variant, which will be removed in a future breaking release. The comment variant is only meant for externalized library code that needs to work in earlier versions (e.g. SafeTransferLib needs to be able to be used in many different versions).
File: DateTimeLib.sol 42: /// @solidity memory-safe-assembly
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/libraries/DateTimeLib.sol#L42
File: UlyssesPool.sol // There are over 200 instances of this in this file 355: /// @solidity memory-safe-assembly
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol
When changing state variables events are not emitted. Emitting events allows monitoring activities with off-chain monitoring tools.
File: UniswapV3GaugeFactory.sol 98: function setMinimumWidth(address gauge, uint24 minimumWidth) external onlyOwner {
File: BaseV2Minter.sol 86: function setDao(address _dao) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L86
File: BaseV2Minter.sol 92: function setDaoShare(uint256 _daoShare) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L92
File: BaseV2Minter.sol 98: function setTailEmission(uint256 _tail_emission) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L98
File: TalosOptimizer.sol 62: function setMaxTotalSupply(uint256 _maxTotalSupply) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L62
File: TalosOptimizer.sol 68: function setTwapDuration(uint32 _twapDuration) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L68
File: TalosOptimizer.sol 74: function setMaxTwapDeviation(int24 _maxTwapDeviation) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L74
File: TalosOptimizer.sol 80: function setTickRange(int24 _tickRangeMultiplier) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L80
File: TalosOptimizer.sol 85: function setPriceImpact(uint24 _priceImpactPercentage) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosOptimizer.sol#L85
File: BoostAggregator.sol 100: function setOwnRewardsDepot(address rewardsDepot) external {
File: BoostAggregator.sol 153: function setProtocolFee(uint256 _protocolFee) external onlyOwner {
File: UlyssesPool.sol 223: function setWeight(uint256 poolId, uint8 weight) external nonReentrant onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L223
File: UlyssesPool.sol 308: function setFees(Fees calldata _fees) external nonReentrant onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L308
File: UlyssesPool.sol 323: function setProtocolFee(uint256 _protocolFee) external nonReentrant {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L323
File: BranchPort.sol 301: function setCoreRouter(address _newCoreRouter) external requiresCoreRouter {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L301
</details>File: GovernorBravoDelegateMaia.sol 539: chainId := chainid()
external/public function names should begin with an underscoreAccording to the Solidity Style Guide, Non-external/public function names should begin with an <a href="https://docs.soliditylang.org/en/latest/style-guide.html#underscore-prefix-for-non-external-functions-and-variables">underscore</a>
File: ERC20MultiVotes.sol 80: function average(uint256 a, uint256 b) internal pure returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L80
File: ERC4626.sol 171: function beforeWithdraw(uint256 assets, uint256 shares) internal virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L171
File: ERC4626.sol 173: function afterDeposit(uint256 assets, uint256 shares) internal virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L173
File: ERC4626DepositOnly.sol 111: function afterDeposit(uint256 assets, uint256 shares) internal virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L111
File: ERC4626MultiToken.sol 292: function beforeWithdraw(uint256[] memory assetsAmounts, uint256 shares) internal virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L292
File: ERC4626MultiToken.sol 294: function afterDeposit(uint256[] memory assetsAmounts, uint256 shares) internal virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L294
File: BaseV2Gauge.sol 98: function distribute(uint256 amount) internal virtual;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L98
File: UniswapV3Gauge.sol 53: function distribute(uint256 amount) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/UniswapV3Gauge.sol#L53
File: BaseV2GaugeFactory.sol 125: function afterCreateGauge(address strategy, bytes memory data) internal virtual;
File: UniswapV3GaugeFactory.sol 76: function newGauge(address strategy, bytes memory data) internal override returns (BaseV2Gauge) {
File: UniswapV3GaugeFactory.sol 89: function afterCreateGauge(address strategy, bytes memory) internal override {
File: GovernorBravoDelegateMaia.sol 190: function queueOrRevertInternal( address target, uint256 value, string memory signature, bytes memory data, uint256 eta ) internal {
File: GovernorBravoDelegateMaia.sol 361: function castVoteInternal(address voter, uint256 proposalId, uint8 support) internal returns (uint96) {
File: GovernorBravoDelegateMaia.sol 525: function add256(uint256 a, uint256 b) internal pure returns (uint256) {
File: GovernorBravoDelegateMaia.sol 531: function sub256(uint256 a, uint256 b) internal pure returns (uint256) {
File: GovernorBravoDelegateMaia.sol 536: function getChainIdInternal() internal view returns (uint256) {
File: GovernorBravoDelegator.sol 59: function delegateTo(address callee, bytes memory data) internal {
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L59
File: vMaia.sol 102: function beforeWithdraw(uint256, uint256) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/vMaia.sol#L102
File: DateTimeLib.sol 39: function getMonth(uint256 timestamp) internal pure returns (uint256 month) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/libraries/DateTimeLib.sol#L39
File: DateTimeLib.sol 55: function isTuesday(uint256 timestamp) internal pure returns (bool result, uint256 startOfDay) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/libraries/DateTimeLib.sol#L55
File: GovernorBravoDelegator.sol 58: function delegateTo(address callee, bytes memory data) internal {
File: FlywheelBribeRewards.sol 32: function getNextCycleRewards(ERC20 strategy) internal override returns (uint256) {
File: TalosStrategyStaked.sol 101: function beforeRedeem(uint256 _tokenId, address _owner) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L101
File: TalosStrategyStaked.sol 108: function afterRedeem(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L108
File: TalosStrategyStaked.sol 114: function beforeDeposit(uint256 _tokenId, address _receiver) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L114
File: TalosStrategyStaked.sol 121: function afterDeposit(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L121
File: TalosStrategyStaked.sol 127: function beforeRerange(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L127
File: TalosStrategyStaked.sol 134: function afterRerange(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L134
File: TalosStrategyVanilla.sol 72: function beforeRedeem(uint256 _tokenId, address) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L72
File: TalosStrategyVanilla.sol 79: function afterRedeem(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L79
File: TalosStrategyVanilla.sol 83: function beforeDeposit(uint256 _tokenId, address) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L83
File: TalosStrategyVanilla.sol 90: function afterDeposit(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L90
File: TalosStrategyVanilla.sol 94: function beforeRerange(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L94
File: TalosStrategyVanilla.sol 100: function afterRerange(uint256 _tokenId) internal override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L100
File: TalosBaseStrategy.sol 373: function beforeDeposit(uint256 _tokenId, address _receiver) internal virtual;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L373
File: TalosStrategyStakedFactory.sol 62: function createTalosV3Strategy( IUniswapV3Pool pool, ITalosOptimizer optimizer, address strategyManager, bytes memory data ) internal override returns (TalosBaseStrategy strategy) {
File: TalosStrategyVanillaFactory.sol 33: function createTalosV3Strategy( IUniswapV3Pool pool, ITalosOptimizer optimizer, address strategyManager, bytes memory ) internal override returns (TalosBaseStrategy) {
File: PoolActions.sol 38: function swapToEqualAmounts(ActionParams memory actionParams, int24 baseThreshold) internal {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolActions.sol#L38
File: PoolActions.sol 56: function rerange( INonfungiblePositionManager nonfungiblePositionManager, ActionParams memory actionParams, uint24 poolFee ) internal returns (int24 tickLower, int24 tickUpper, uint256 amount0, uint256 amount1, uint256 tokenId, uint128 liquidity) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolActions.sol#L56
File: PoolVariables.sol 47: function amountsForLiquidity(IUniswapV3Pool pool, uint128 liquidity, int24 _tickLower, int24 _tickUpper) internal view returns (uint256, uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L47
File: PoolVariables.sol 66: function liquidityForAmounts( IUniswapV3Pool pool, uint256 amount0, uint256 amount1, int24 _tickLower, int24 _tickUpper ) internal view returns (uint128) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L66
File: PoolVariables.sol 88: function checkRange(int24 tickLower, int24 tickUpper) internal pure {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L88
File: PoolVariables.sol 96: function floor(int24 tick, int24 tickSpacing) internal pure returns (int24) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L96
File: PoolVariables.sol 110: function getPositionTicks( IUniswapV3Pool pool, uint256 amount0Desired, uint256 amount1Desired, int24 baseThreshold, int24 tickSpacing ) internal view returns (int24 tickLower, int24 tickUpper) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L110
File: PoolVariables.sol 155: function amountsForTicks( IUniswapV3Pool pool, uint256 amount0Desired, uint256 amount1Desired, int24 _tickLower, int24 _tickUpper ) internal view returns (uint256 amount0, uint256 amount1) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L155
File: PoolVariables.sol 185: function amountsDirection(uint256 amount0Desired, uint256 amount1Desired, uint256 amount0, uint256 amount1) internal pure returns (bool zeroGreaterOne) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L185
File: PoolVariables.sol 217: function getSwapToEqualAmountsParams( IUniswapV3Pool _pool, ITalosOptimizer _strategy, int24 _tickSpacing, int24 baseThreshold, ERC20 _token0, ERC20 _token1 ) internal returns (bool zeroForOne, int256 amountSpecified, uint160 sqrtPriceLimitX96) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L217
File: TalosStrategySimple.sol 30: function doRerange() internal override returns (uint256 amount0, uint256 amount1) {
File: TalosStrategySimple.sol 36: function doRebalance() internal override returns (uint256 amount0, uint256 amount1) {
File: UlyssesPool.sol 1200: function beforeDeposit(uint256 assets) internal override returns (uint256 shares) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1200
File: UlyssesPool.sol 1209: function beforeMint(uint256 shares) internal override returns (uint256 assets) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1209
File: UlyssesPool.sol 1218: function afterRedeem(uint256 shares) internal override returns (uint256 assets) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1218
File: UlyssesToken.sol 110: function updateAssetBalances() internal {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L110
File: RootBridgeAgent.sol 50: function checkParams(address _localPortAddress, DepositParams memory _dParams, uint24 _fromChain) internal view returns (bool) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L50
File: RootPort.sol 293: function mint(address _to, address _hToken, uint256 _amount, uint24 _fromChain) internal {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L293
File: RootPort.sol 349: function addVirtualAccount(address _user) internal returns (VirtualAccount newAccount) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L349
File: IncentiveId.sol 16: function compute(IUniswapV3Staker.IncentiveKey memory key) internal pure returns (bytes32 incentiveId) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/IncentiveId.sol#L16
File: IncentiveTime.sol 17: function computeStart(uint256 timestamp) internal pure returns (uint96 start) {
File: IncentiveTime.sol 23: function computeEnd(uint256 timestamp) internal pure returns (uint96 end) {
File: IncentiveTime.sol 31: function getEnd(uint96 start) internal pure returns (uint96 end) {
File: IncentiveTime.sol 35: function getEndAndDuration(uint96 start, uint40 stakedTimestamp, uint256 timestamp) internal pure returns (uint96 end, uint256 stakedDuration) {
File: NFTPositionInfo.sol 21: function getPositionInfo( IUniswapV3Factory factory, INonfungiblePositionManager nonfungiblePositionManager, uint256 tokenId ) internal view returns (IUniswapV3Pool pool, int24 tickLower, int24 tickUpper, uint128 liquidity) {
File: RewardMath.sol 20: function computeBoostedSecondsInsideX128( uint256 stakedDuration, uint128 liquidity, uint128 boostAmount, uint128 boostTotalSupply, uint160 secondsPerLiquidityInsideInitialX128, uint160 secondsPerLiquidityInsideX128 ) internal pure returns (uint160 boostedSecondsInsideX128) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/RewardMath.sol#L20
File: RewardMath.sol 56: function computeBoostedRewardAmount( uint256 totalRewardUnclaimed, uint160 totalSecondsClaimedX128, uint256 startTime, uint256 endTime, uint160 secondsInsideX128, uint256 currentTime ) internal pure returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/RewardMath.sol#L56
</details>Throughout the codebase, events are generally emitted when sensitive changes are made to the contracts. However, some events are missing important parameters The following events should also add the previous original value in addition to the new value.
File: IUniswapV3Gauge.sol 68: event NewMinimumWidth(uint24 minimumWidth);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/interfaces/IUniswapV3Gauge.sol#L68
File: IFlywheelCore.sol 140: event FlywheelRewardsUpdate(address indexed newFlywheelRewards);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IFlywheelCore.sol#L140
File: IFlywheelCore.sol 146: event FlywheelBoosterUpdate(address indexed newBooster);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/interfaces/IFlywheelCore.sol#L146
File: IRootPort.sol 319: event NewChainAdded(uint24 indexed chainId);
The events should include the new value and old value where possible.
From the point of view of a user, the changing of the owner of a contract is a high risk operation that may have outcomes ranging from an attacker gaining control over the protocol, to the function no longer functioning due to a typo in the destination address. To give users plenty of warning so that they can validate any ownership changes, changes of ownership should be behind a timelock.
File: UlyssesFactory.sol 65: function renounceOwnership(
File: BranchPort.sol 113: function renounceOwnership(
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L113
File: RootPort.sol 165: function renounceOwnership(
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L165
>/>= without specifying an upper bound is unsafeThere will be breaking changes in future versions of solidity, and at that point your code will no longer be compatable. While you may have the specific version to use in a configuration file, others that include your source files may not.
File: ERC4626.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L2
File: ERC4626DepositOnly.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L2
File: ERC4626MultiToken.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L2
File: UlyssesERC4626.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L2
File: IERC4626.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/interfaces/IERC4626.sol#L2
File: TalosStrategyStaked.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L2
File: TalosStrategyVanilla.sol 3: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L3
File: TalosBaseStrategy.sol 3: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L3
File: BoostAggregator.sol 2: pragma solidity >=0.8.0;
File: IBoostAggregator.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/interfaces/IBoostAggregator.sol#L2
File: TalosStrategySimple.sol 2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/strategies/TalosStrategySimple.sol#L2
</details>All private variables should start with _ but following do not respect the naming convetion.
File: FlywheelCore.sol 148: uint256 private constant ONE = 1e18;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L148
File: TalosStrategyStaked.sol 52: bool private stakeFlag = false;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L52
File: TalosStrategyVanilla.sol 47: uint24 private constant protocolFee = 2 * 1e5; //20%
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L47
File: BoostAggregator.sol 56: uint256 private constant DIVISIONER = 10000;
File: UlyssesPool.sol 65: uint256 private constant DIVISIONER = 1 ether;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L65
</details>Contracts are allowed to override their parents’ functions and change the visibility from external to public.
File: bHermes.sol function claimOutstanding() public virtual {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/bHermes.sol#L96
File: bHermes.sol function totalAssets() public view virtual override returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/bHermes.sol#L115
File: bHermes.sol function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/bHermes.sol#L158
File: vMaia.sol function claimBoost(uint256 amount) public override {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/vMaia.sol#L91
File: TalosStrategyStaked.sol function createTalosV3Strategy( IUniswapV3Pool pool, ITalosOptimizer optimizer, BoostAggregator boostAggregator, address strategyManager, FlywheelCoreInstant flywheel, address owner ) public returns (TalosBaseStrategy) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L20
File: TalosStrategyStaked.sol function transferFrom(address _from, address _to, uint256 _amount) public override returns (bool) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L94
File: TalosStrategyVanilla.sol function createTalosV3Vanilla( IUniswapV3Pool pool, ITalosOptimizer optimizer, INonfungiblePositionManager nonfungiblePositionManager, address strategyManager, address owner ) public returns (TalosBaseStrategy) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L22
File: PoolVariables.sol function checkDeviation(IUniswapV3Pool pool, int24 maxTwapDeviation, uint32 twapDuration) public view {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L199
File: UlyssesPool.sol function totalAssets() public view override returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L102
File: UlyssesPool.sol function maxRedeem(address owner) public view override returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L107
File: UlyssesToken.sol function totalAssets() public view override returns (uint256 _totalAssets) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L39
File: UlyssesFactory.sol function deployPool( uint256 id, address asset, string calldata name, string calldata symbol, address owner, address factory ) public returns (UlyssesPool) {
File: UlyssesFactory.sol function renounceOwnership() public payable override onlyOwner {
File: BranchPort.sol function renounceOwnership() public payable override onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L113
File: RootPort.sol function renounceOwnership() public payable override onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L165
</details>File: bHermes.sol 62: {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/bHermes.sol#L62
File: BaseV2Minter.sol 152: try flywheelGaugeRewards.queueRewardsForCycle() {} catch {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L152
File: vMaia.sol 91: function claimBoost(uint256 amount) public override {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/vMaia.sol#L91
File: FlywheelCoreInstant.sol 38: ) Core(_rewardToken, address(_flywheelRewards), _flywheelBooster, _owner) {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/FlywheelCoreInstant.sol#L38
File: FlywheelCoreStrategy.sol 37: ) Core(_rewardToken, address(_flywheelRewards), _flywheelBooster, _owner) {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/FlywheelCoreStrategy.sol#L37
File: FlywheelBribeRewards.sol 29: {}
File: TalosManager.sol 96: try strategy.pool().checkDeviation(optimizer.maxTwapDeviation(), optimizer.twapDuration()) {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosManager.sol#L96
File: TalosStrategyStaked.sol 179: } catch {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyStaked.sol#L179
File: TalosStrategyVanilla.sol 64: ) TalosStrategySimple(_pool, _optimizer, _nonfungiblePositionManager, _strategyManager, _owner) {} 79: function afterRedeem(uint256 _tokenId) internal override {} 90: function afterDeposit(uint256 _tokenId) internal override {} 100: function afterRerange(uint256 _tokenId) internal override {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L64
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L79
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L90
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L100
File: TalosStrategyVanillaFactory.sol 26: {}
File: TalosStrategySimple.sol 24: ) TalosBaseStrategy(_pool, _strategy, _nonfungiblePositionManager, _strategyManager, _owner) {}
File: ArbitrumBranchBridgeAgent.sol 90: {} 181: {} 181: function _replenishGas(uint256) internal override {}
File: ArbitrumCoreBranchRouter.sol 40: {}
File: BranchBridgeAgent.sol 1328: if (executionBudget > 0) try anycallConfig.withdraw(executionBudget) {} catch {} 1419: fallback() external payable {}
File: CoreBranchRouter.sol 284: fallback() external payable {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L284
File: RootBridgeAgent.sol 1240: if (executionBudget > 0) try anycallConfig.withdraw(executionBudget) {} catch {} 1334: fallback() external payable {}
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1240
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1334
</details>File: ArbitrumBranchBridgeAgentFactory.sol 52: {}
The type of the variable is the same as the type to which the variable is being cast
File: FlywheelCore.sol 128: address(newFlywheelRewards)
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L128
File: TalosBaseStrategy.sol 339: int256(amount0)
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L339
File: TalosBaseStrategy.sol 340: int256(amount1)
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L340
File: RootPort.sol 160: address(_owner)
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L160
Note that there may be cases where a variable appears to be used, but this is only because there are multiple definitions of the varible in different files. In such cases, the variable definition should be moved into a separate file. The instances below are the unused variables.
File: AnycallFlags.sol FLAG_MERGE_CONFIG_FLAGS FLAG_EXEC_FALLBACK FLAG_PAY_FEE_ON_DEST FLAG_NONE FLAG_EXEC_START_VALUE
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol
error definitionNote that there may be cases where an error superficially appears to be used, but this is only because there are multiple definitions of the error in different files. In such cases, the error definition should be moved into a separate file. The instances below are the unused definitions.
File: IRootPort.sol error UnrecognizedStrategyManager error FeeError error AlreadyExecutedTransaction error InvalidChain error UnrecognizedGlobalAddress error UnrecognizedAddressInDestination error UnknowHTokenFactory
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/interfaces/IRootPort.sol
The use of underscore at the end of the variable name is uncommon and also suggests that the variable name was not completely changed. Consider refactoring variableName_ to variableName.
File: GovernorBravoDelegateMaia.sol 82: votingPeriod_; 83: votingDelay_; 84: proposalThreshold_;
File: GovernorBravoDelegator.sol 34: admin_; 48: implementation_;
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L34
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L48
File: GovernorBravoDelegator.sol 33: admin_; 47: implementation_;
bytes.concat()Solidity version 0.8.4 introduces bytes.concat() (vs abi.encodePacked(<bytes>,<bytes>))
File: ERC20MultiVotes.sol 367: abi.encodePacked( "/x19/x01", DOMAIN_SEPARATOR(), keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry)) ) ), v, r, s )
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L367
File: GovernorBravoDelegateMaia.sol 348: bytes32 digest = keccak256(abi.encodePacked("/x19/x01", domainSeparator, structHash))
File: ArbitrumCoreBranchRouter.sol 56: bytes memory packedData = abi.encodePacked(bytes1(0x02), data) 101: bytes memory packedData = abi.encodePacked(bytes1(0x04), data)
File: BranchBridgeAgent.sol 226: bytes memory packedData = abi.encodePacked( bytes1(0x04), msg.sender, depositNonce, _params, msg.value.toUint128(), _remoteExecutionGas ) 245: bytes memory packedData = abi.encodePacked( bytes1(0x05), msg.sender, depositNonce, _dParams.hToken, _dParams.token, _dParams.amount, _normalizeDecimals(_dParams.deposit, ERC20(_dParams.token).decimals()), _dParams.toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 288: bytes memory packedData = abi.encodePacked( bytes1(0x06), msg.sender, uint8(_dParams.hTokens.length), depositNonce, _dParams.hTokens, _dParams.tokens, _dParams.amounts, _deposits, _dParams.toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 334: packedData = abi.encodePacked( bytes1(0x05), msg.sender, _depositNonce, getDeposit[_depositNonce].hTokens[0], getDeposit[_depositNonce].tokens[0], getDeposit[_depositNonce].amounts[0], _normalizeDecimals( getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() ), _toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 350: packedData = abi.encodePacked( bytes1(0x02), _depositNonce, getDeposit[_depositNonce].hTokens[0], getDeposit[_depositNonce].tokens[0], getDeposit[_depositNonce].amounts[0], _normalizeDecimals( getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() ), _toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 370: packedData = abi.encodePacked( bytes1(0x06), msg.sender, uint8(getDeposit[_depositNonce].hTokens.length), nonce, getDeposit[nonce].hTokens, getDeposit[nonce].tokens, getDeposit[nonce].amounts, _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), _toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 385: packedData = abi.encodePacked( bytes1(0x03), uint8(getDeposit[nonce].hTokens.length), _depositNonce, getDeposit[nonce].hTokens, getDeposit[nonce].tokens, getDeposit[nonce].amounts, _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), _toChain, _params, msg.value.toUint128(), _remoteExecutionGas ) 425: bytes memory packedData = abi.encodePacked( bytes1(0x07), depositNonce++, _settlementNonce, msg.value.toUint128(), _gasToBoostSettlement ) 435: bytes memory packedData = abi.encodePacked(bytes1(0x08), _depositNonce, msg.value.toUint128(), uint128(0)) 481: abi.encodePacked(bytes1(0x00), depositNonce, _params, gasToBridgeOut, _remoteExecutionGas) 657: abi.encodePacked(bytes1(0x01), depositNonce, _params, _gasToBridgeOut, _remoteExecutionGas) 681: bytes memory packedData = abi.encodePacked( bytes1(0x02), depositNonce, _dParams.hToken, _dParams.token, _dParams.amount, _normalizeDecimals(_dParams.deposit, ERC20(_dParams.token).decimals()), _dParams.toChain, _params, _gasToBridgeOut, _remoteExecutionGas ) 724: bytes memory packedData = abi.encodePacked( bytes1(0x03), uint8(_dParams.hTokens.length), depositNonce, _dParams.hTokens, _dParams.tokens, _dParams.amounts, deposits, _dParams.toChain, _params, _gasToBridgeOut, _remoteExecutionGas )
File: CoreBranchRouter.sol 51: bytes memory packedData = abi.encodePacked(bytes1(0x01), data) 75: bytes memory packedData = abi.encodePacked(bytes1(0x02), data) 108: bytes memory packedData = abi.encodePacked(bytes1(0x03), data) 151: bytes memory packedData = abi.encodePacked(bytes1(0x04), data)
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L51
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L75
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L108
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L151
File: CoreRootRouter.sol 112: bytes memory packedData = abi.encodePacked(bytes1(0x02), data) 163: bytes memory packedData = abi.encodePacked(bytes1(0x01), data) 241: bytes memory packedData = abi.encodePacked(bytes1(0x03), data) 262: bytes memory packedData = abi.encodePacked(bytes1(0x04), data) 285: bytes memory packedData = abi.encodePacked(bytes1(0x05), data) 312: bytes memory packedData = abi.encodePacked(bytes1(0x06), data)
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L112
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L163
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L241
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L262
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L285
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L312
File: RootBridgeAgent.sol 278: abi.encodePacked(bytes1(0x00), _recipient, settlementNonce++, _data, _manageGasOut(_toChain)) 306: bytes memory data = abi.encodePacked( bytes1(0x01), _recipient, settlementNonce, localAddress, underlyingAddress, _amount, _deposit, _data, _manageGasOut(_toChain) ) 359: bytes memory data = abi.encodePacked( bytes1(0x02), _recipient, uint8(hTokens.length), settlementNonce, hTokens, tokens, _amounts, _deposits, _data, _manageGasOut(_toChain) ) 558: bytes memory newGas = abi.encodePacked(_manageGasOut(settlement.toChain))
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L278
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L306
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L359
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L558
</details>Use bytes.concat() and upgrade to at least Solidity version 0.8.4 if required.
"" instead of "0x00" for empty bytes to avoid triggering extra computation on transfersWhen tokens with hooks on transfer take in bytes arguments, there is often a length check so that 0 length bytes inputs are skipped. By using "0x00", a non-0 bytes value is created which is semantically empty but would fail the 0-length check. This would increase the gas cost of processing such transfers.
File: UlyssesPool.sol 384: let bandwidthStateListStart := keccak256(0x00, 0x20)
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L384
File: BranchBridgeAgent.sol 481: abi.encodePacked(bytes1(0x00), depositNonce, _params, gasToBridgeOut, _remoteExecutionGas);
File: BranchBridgeAgent.sol 1143: if (flag == 0x00) {
File: BranchBridgeAgent.sol 1243: if ((flag == 0x00) || (flag == 0x01) || (flag == 0x02)) {
File: RootBridgeAgent.sol 278: abi.encodePacked(bytes1(0x00), _recipient, settlementNonce++, _data, _manageGasOut(_toChain));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L278
File: RootBridgeAgent.sol 914: if (flag == 0x00) { 1197: if (flag == 0x00) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L914
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1197
</details>Consider changing the value to "" instead, unless there is some other reason to retain the bytes value as-is.
File: ERC20MultiVotes.sol 63: /// @dev Lookup a value in a list of (sorted) checkpoints. function _checkpointsLookup(Checkpoint[] storage ckpts, uint256 blockNumber) private view returns (uint256) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L63
File: BaseV2Gauge.sol 129: /// @dev Can't add existing flywheel (active or not) if (added[bribeFlywheel]) revert FlywheelAlreadyAdded(); address flyWheelRewards = address(bribeFlywheel.flywheelRewards()); FlywheelBribeRewards(flyWheelRewards).setRewardsDepot(multiRewardsDepot); multiRewardsDepot.addAsset(flyWheelRewards, bribeFlywheel.rewardToken()); bribeFlywheels.push(bribeFlywheel); isActive[bribeFlywheel] = true; added[bribeFlywheel] = true; emit AddedBribeFlywheel(bribeFlywheel); } /// @inheritdoc IBaseV2Gauge function removeBribeFlywheel(FlywheelCore bribeFlywheel) external onlyOwner {
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L129
File: GovernorBravoDelegator.sol 66: /** * @dev Delegates execution to an implementation contract. * It returns to the external caller whatever the implementation returns * or forwards reverts. */ fallback() external payable { // delegate all other functions to current implementation (bool success,) = implementation.delegatecall(msg.data); assembly {
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L66
File: BaseV2Minter.sol 15: /// @title Base V2 Minter - Mints HERMES tokens for the B(3,3) system contract BaseV2Minter is Ownable, IBaseV2Minter { using SafeTransferLib for address; /*////////////////////////////////////////////////////////////// MINTER STATE //////////////////////////////////////////////////////////////*/ /// @dev allows minting once per week (reset every Thursday 00:00 UTC) uint256 internal constant week = 86400 * 7; /// @dev 2% per week target emission uint256 internal constant base = 1000; uint256 internal constant max_tail_emission = 100; uint256 internal constant max_dao_share = 300; /// @inheritdoc IBaseV2Minter address public immutable override underlying; /// @inheritdoc IBaseV2Minter ERC4626 public immutable override vault; /// @inheritdoc IBaseV2Minter FlywheelGaugeRewards public override flywheelGaugeRewards; /// @inheritdoc IBaseV2Minter address public override dao; /// @inheritdoc IBaseV2Minter uint256 public override daoShare = 100; uint256 public override tailEmission = 20; /// @inheritdoc IBaseV2Minter /// @inheritdoc IBaseV2Minter uint256 public override weekly; /// @inheritdoc IBaseV2Minter uint256 public override activePeriod; address internal initializer; constructor( address _vault, // the B(3,3) system that will be locked into address _dao, address _owner ) { _initializeOwner(_owner); initializer = msg.sender; dao = _dao; underlying = address(ERC4626(_vault).asset()); vault = ERC4626(_vault); } /*////////////////////////////////////////////////////////////// FALLBACK LOGIC //////////////////////////////////////////////////////////////*/ fallback() external { updatePeriod(); } /*////////////////////////////////////////////////////////////// ADMIN LOGIC //////////////////////////////////////////////////////////////*/ /// @inheritdoc IBaseV2Minter function initialize(FlywheelGaugeRewards _flywheelGaugeRewards) external { 87: /// @dev DAO can be set to address(0) to disable DAO rewards. dao = _dao; } /// @inheritdoc IBaseV2Minter function setDaoShare(uint256 _daoShare) external onlyOwner { 135: /// @dev share of newWeeklyEmission emissions sent to DAO. uint256 share = (_required * daoShare) / base; _required += share; uint256 _balanceOf = underlying.balanceOf(address(this)); if (_balanceOf < _required) { HERMES(underlying).mint(address(this), _required - _balanceOf); } underlying.safeTransfer(address(vault), _growth); if (dao != address(0)) underlying.safeTransfer(dao, share); emit Mint(msg.sender, newWeeklyEmission, _circulatingSupply, _growth, share); /// @dev queue rewards for the cycle, anyone can call if fails /// queueRewardsForCycle will call this function but won't enter /// here because activePeriod was updated try flywheelGaugeRewards.queueRewardsForCycle() {
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L15
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L87
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L135
File: PartnerUtilityManager.sol 74: /// @dev Vault applies outstanding weight. if (partnerVault != address(0) && address(gaugeWeight).balanceOf(address(this)) > 0) { IBaseVault(partnerVault).applyWeight(); } } /// @inheritdoc IUtilityManager function forfeitBoost(uint256 amount) public virtual override { 84: /// @dev Vault applies outstanding boost. if (partnerVault != address(0) && address(gaugeBoost).balanceOf(address(this)) > 0) { IBaseVault(partnerVault).applyBoost(); } } /// @inheritdoc IUtilityManager function forfeitGovernance(uint256 amount) public virtual override { 94: /// @dev Vault applies outstanding governance. if (partnerVault != address(0) && address(governance).balanceOf(address(this)) > 0) { IBaseVault(partnerVault).applyGovernance(); } } /// @inheritdoc IPartnerUtilityManager function forfeitPartnerGovernance(uint256 amount) public { 103: /// @dev partnerGovernance is kept in this contract and not sent to vaults to avoid governance attacks. address(partnerGovernance).safeTransferFrom(msg.sender, address(this), amount); } /// @inheritdoc IUtilityManager function claimMultiple(uint256 amount) public virtual override { 129: /// @dev Must transfer weight amount to this manager address. if (weightAvailable < amount) { IBaseVault(partnerVault).clearWeight(amount - weightAvailable); } super.claimWeight(amount); } /// @inheritdoc IUtilityManager function claimBoost(uint256 amount) public virtual override checkBoost(amount) { 140: /// @dev Must transfer boost amount to this manager address. if (boostAvailable < amount) IBaseVault(partnerVault).clearBoost(amount - boostAvailable); super.claimBoost(amount); } /// @inheritdoc IUtilityManager function claimGovernance(uint256 amount) public virtual override checkGovernance(amount) { 149: /// @dev Must transfer governance amount to this manager address. if (governanceAvailable < amount) { IBaseVault(partnerVault).clearGovernance(amount - governanceAvailable); } super.claimGovernance(amount); } /// @inheritdoc IPartnerUtilityManager function claimPartnerGovernance(uint256 amount) public checkPartnerGovernance(amount) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L74
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L84
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L94
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L103
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L129
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L140
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/PartnerUtilityManager.sol#L149
File: DateTimeLib.sol 42: /// @solidity memory-safe-assembly assembly { epochDay := add(epochDay, 719468) let doe := mod(epochDay, 146097) let yoe := div(sub(sub(add(doe, div(doe, 36524)), div(doe, 1460)), eq(doe, 146096)), 365) let doy := sub(doe, sub(add(mul(365, yoe), shr(2, yoe)), div(yoe, 100))) let mp := div(add(mul(5, doy), 2), 153) month := sub(add(mp, 3), mul(gt(mp, 9), 12)) } } /// @dev Returns the weekday from the unix timestamp. /// Monday: 1, Tuesday: 2, ....., Sunday: 7. function isTuesday(uint256 timestamp) internal pure returns (bool result, uint256 startOfDay) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/libraries/DateTimeLib.sol#L42
File: GovernorBravoDelegator.sol 65: /** * @dev Delegates execution to an implementation contract. * It returns to the external caller whatever the implementation returns * or forwards reverts. */ fallback() external payable { // delegate all other functions to current implementation (bool success,) = implementation.delegatecall(msg.data); assembly {
File: FlywheelBoosterGaugeWeight.sol 58: /// @inheritdoc IFlywheelBooster /// @dev User's gauge weight allocated to the strategy function boostedBalanceOf(ERC20 strategy, address user) external view returns (uint256) {
File: FlywheelGaugeRewards.sol 73: /// @dev Update minter cycle and queue rewars if needed. /// This will make this call fail if it is a new epoch, because the minter calls this function, the first call would fail with "CycleError()". /// Should be called through Minter to kickoff new epoch. minter.updatePeriod(); // next cycle is always the next even divisor of the cycle length above current block timestamp. uint32 currentCycle = (block.timestamp.toUint32() / gaugeCycleLength) * gaugeCycleLength; uint32 lastCycle = gaugeCycle; // ensure new cycle has begun if (currentCycle <= lastCycle) revert CycleError(); gaugeCycle = currentCycle; // queue the rewards stream and sanity check the tokens were received uint256 balanceBefore = rewardToken.balanceOf(address(this)); totalQueuedForCycle = minter.getRewards(); require(rewardToken.balanceOf(address(this)) - balanceBefore >= totalQueuedForCycle); // include uncompleted cycle totalQueuedForCycle += nextCycleQueuedRewards; // iterate over all gauges and update the rewards allocations address[] memory gauges = gaugeToken.gauges(); _queueRewards(gauges, currentCycle, lastCycle, totalQueuedForCycle); nextCycleQueuedRewards = 0; paginationOffset = 0; emit CycleStart(currentCycle, totalQueuedForCycle); } /// @inheritdoc IFlywheelGaugeRewards function queueRewardsForCyclePaginated(uint256 numRewards) external { 108: /// @dev Update minter cycle and queue rewars if needed. /// This will make this call fail if it is a new epoch, because the minter calls this function, the first call would fail with "CycleError()". /// Should be called through Minter to kickoff new epoch. minter.updatePeriod(); // next cycle is always the next even divisor of the cycle length above current block timestamp. uint32 currentCycle = (block.timestamp.toUint32() / gaugeCycleLength) * gaugeCycleLength; uint32 lastCycle = gaugeCycle; // ensure new cycle has begun if (currentCycle <= lastCycle) revert CycleError(); if (currentCycle > nextCycle) {
File: BoostAggregator.sol 120: /// @dev protocol rewards stay in stake contract protocolRewards += newProtocolRewards; pendingRewards -= newProtocolRewards; address rewardsDepot = userToRewardsDepot[user]; if (rewardsDepot != address(0)) { // claim rewards to user's rewardsDepot uniswapV3Staker.claimReward(rewardsDepot, pendingRewards); } else { // claim rewards to user uniswapV3Staker.claimReward(user, pendingRewards); } } // withdraw rewards from Uniswap V3 Staker uniswapV3Staker.withdrawToken(tokenId, user, ""); } /*////////////////////////////////////////////////////////////// ADMIN LOGIC //////////////////////////////////////////////////////////////*/ /// @inheritdoc IBoostAggregator function addWhitelistedAddress(address user) external onlyOwner { 166: /// @dev May run out of gas. hermesGaugeBoost.decrementAllGaugesAllBoost(); address(hermesGaugeBoost).safeTransfer(to, hermesGaugeBoost.balanceOf(address(this))); } /// @inheritdoc IBoostAggregator function withdrawGaugeBoost(address to, uint256 amount) external onlyOwner { 173: /// @dev May run out of gas. hermesGaugeBoost.decrementAllGaugesBoost(amount); hermesGaugeBoost.updateUserBoost(address(this)); address(hermesGaugeBoost).safeTransfer(to, amount); } /// @inheritdoc IBoostAggregator function decrementGaugesBoostIndexed(uint256 boost, uint256 offset, uint256 num) external onlyOwner {
File: PoolVariables.sol 94: /// @dev Rounds tick down towards negative infinity so that it's a multiple /// of `tickSpacing`. function floor(int24 tick, int24 tickSpacing) internal pure returns (int24) { 167: /// @dev Calc base ticks depending on base threshold and tickspacing function baseTicks(int24 currentTick, int24 baseThreshold, int24 tickSpacing) private pure returns (int24 tickLower, int24 tickUpper) { 206: /// @dev Fetches time-weighted average price in ticks from Uniswap pool for specified duration function getTwap(IUniswapV3Pool pool, uint32 twapDuration) private view returns (int24) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L94
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L167
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L206
File: UlyssesPool.sol 113: /** * @dev bandwidthStateList first element has always 0 bandwidth * so this line will never fail and return 0 instead */ return bandwidthStateList[destinations[destinationId]].bandwidth; } /// @inheritdoc IUlyssesPool function getBandwidthStateList() external view returns (BandwidthState[] memory) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L113
File: MulticallRootRouter.sol 164: /// @inheritdoc IRootRouter /// @dev This function will revert when called. function anyExecuteResponse(bytes1, bytes calldata, uint24) external payable override returns (bool, bytes memory) { 175: /** * @inheritdoc IRootRouter * @dev FuncIDs * * FUNC ID | FUNC NAME * 0x01 | multicallNoOutput * 0x02 | multicallSingleOutput * 0x03 | multicallMultipleOutput * */ function anyExecute(bytes1 funcId, bytes calldata encodedData, uint24) external payable override lock requiresExecutor returns (bool, bytes memory) { 258: /** * @inheritdoc IRootRouter * @dev FuncIDs * * FUNC ID | FUNC NAME * 0x01 | multicallNoOutput * 0x02 | multicallSingleOutput * 0x03 | multicallMultipleOutput * */ function anyExecuteSigned(bytes1 funcId, bytes calldata encodedData, address userAccount, uint24) external payable override lock requiresExecutor returns (bool, bytes memory) { 327: /// UNRECOGNIZED FUNC ID } else { return (false, "FuncID not recognized!"); } return (true, ""); } /** * @inheritdoc IRootRouter * @dev FuncIDs * * FUNC ID | FUNC NAME * 0x01 | multicallNoOutput * 0x02 | multicallSingleOutput * 0x03 | multicallMultipleOutput * */ function anyExecuteSignedDepositSingle( bytes1 funcId, bytes calldata encodedData, DepositParams calldata, address userAccount, uint24 ) external payable override requiresExecutor lock returns (bool success, bytes memory result) { 403: /// UNRECOGNIZED FUNC ID } else { return (false, "FuncID not recognized!"); } return (true, ""); } /** * @inheritdoc IRootRouter * @dev FuncIDs * * FUNC ID | FUNC NAME * 0x01 | multicallNoOutput * 0x02 | multicallSingleOutput * 0x03 | multicallMultipleOutput * */ function anyExecuteSignedDepositMultiple( bytes1 funcId, bytes memory encodedData, DepositMultipleParams calldata, address userAccount, uint24 ) external payable requiresExecutor lock returns (bool success, bytes memory result) {
File: UniswapV3Staker.sol 215: /// @dev Upon receiving a Uniswap V3 ERC721, create the token deposit and /// _stakes in current incentive setting owner to `from`. /// @inheritdoc IERC721Receiver function onERC721Received(address, address from, uint256 tokenId, bytes calldata) external override returns (bytes4) { 475: /// @dev Stakes a deposited token without doing an already staked in another position check function _stakeToken(uint256 tokenId, IUniswapV3Pool pool, int24 tickLower, int24 tickUpper, uint128 liquidity) private {
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L215
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L475
</details>File: IncentiveTime.sol 18: /// @dev The start of the incentive is the start of the week (Thursday 12:00:00 UTC) that the timestamp falls in /// Remove Offset, rounds down to nearest week, adds offset back return uint96(((timestamp - INCENTIVES_OFFSET) / INCENTIVES_DURATION) * INCENTIVES_DURATION + INCENTIVES_OFFSET); } function computeEnd(uint256 timestamp) internal pure returns (uint96 end) { 24: /// @dev The end of the incentive is the end of the week (Thursday 12:00:00 UTC) that the timestamp falls in /// Remove Offset, rounds up to nearest week, adds offset back return uint96( (((timestamp - INCENTIVES_OFFSET) / INCENTIVES_DURATION) + 1) * INCENTIVES_DURATION + INCENTIVES_OFFSET ); } function getEnd(uint96 start) internal pure returns (uint96 end) {
Code base has an extensive use of named function calls, but it somehow missed one instance where this would be appropriate.
It should use named function calls on function call, as such:
library.exampleFunction{value: _data.amount.value}({ _id: _data.id, _amount: _data.amount.value, _token: _data.token, _example: "", _metadata: _data.metadata });
File: GovernorBravoDelegateMaia.sol 216: timelock.executeTransaction{value: proposal.values[i]}( proposal.targets[i], proposal.values[i], proposal.signatures[i], proposal.calldatas[i], proposal.eta );
bytes or bytes32 for clearer semantic meaningUsing a <a href="https://ethereum.stackexchange.com/questions/30912/how-to-compare-strings-in-solidity#answer-82739">cast</a> on a single argument, rather than abi.encodePacked() makes the intended operation more clear, leading to less reviewer confusion.
File: ArbitrumCoreBranchRouter.sol 56: bytes memory packedData = abi.encodePacked(bytes1(0x02), data);
File: ArbitrumCoreBranchRouter.sol 101: bytes memory packedData = abi.encodePacked(bytes1(0x04), data);
File: CoreBranchRouter.sol 51: bytes memory packedData = abi.encodePacked(bytes1(0x01), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L51
File: CoreBranchRouter.sol 75: bytes memory packedData = abi.encodePacked(bytes1(0x02), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L75
File: CoreBranchRouter.sol 108: bytes memory packedData = abi.encodePacked(bytes1(0x03), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L108
File: CoreBranchRouter.sol 151: bytes memory packedData = abi.encodePacked(bytes1(0x04), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L151
File: CoreRootRouter.sol 112: bytes memory packedData = abi.encodePacked(bytes1(0x02), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L112
File: CoreRootRouter.sol 163: bytes memory packedData = abi.encodePacked(bytes1(0x01), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L163
File: CoreRootRouter.sol 241: bytes memory packedData = abi.encodePacked(bytes1(0x03), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L241
File: CoreRootRouter.sol 262: bytes memory packedData = abi.encodePacked(bytes1(0x04), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L262
File: CoreRootRouter.sol 285: bytes memory packedData = abi.encodePacked(bytes1(0x05), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L285
File: CoreRootRouter.sol 312: bytes memory packedData = abi.encodePacked(bytes1(0x06), data);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L312
File: RootBridgeAgent.sol 558: bytes memory newGas = abi.encodePacked(_manageGasOut(settlement.toChain));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L558
</details>#0 - c4-judge
2023-07-11T08:02:03Z
trust1995 marked the issue as grade-a
#1 - c4-sponsor
2023-07-12T21:50:24Z
0xBugsy marked the issue as sponsor confirmed
#2 - 0xLightt
2023-09-07T11:09:48Z
🌟 Selected for report: Raihan
Also found by: 0x11singh99, 0xAnah, 0xSmartContract, 0xn006e7, Aymen0909, DavidGiladi, IllIllI, JCN, Jorgect, MohammedRizwan, Rageur, ReyAdmirado, Rickard, Rolezn, SAQ, SM3_SS, Sathish9098, TheSavageTeddy, hunter_w3b, kaveyjoe, lsaudit, matrix_0wl, naman1778, petrichor, shamsulhaq123, wahedtalash77
610.3258 USDC - $610.33
| Issue | Contexts | Estimated Gas Saved | |
|---|---|---|---|
| GAS‑1 | abi.encode() is less efficient than abi.encodepacked() | 20 | 2000 |
| GAS‑2 | Consider activating via-ir for deploying | 1 | 250 |
| GAS‑3 | Use assembly in place of abi.decode to extract calldata values more efficiently | 2 | 224 |
| GAS‑4 | Use assembly to emit events | 146 | 5548 |
| GAS‑5 | Using fixed bytes is cheaper than using string | 1 | 13 |
| GAS‑6 | Using delete statement can save gas | 28 | 224 |
| GAS‑7 | Using > 0 costs more gas than != 0 when used on a uint in a require() statement | 2 | 12 |
| GAS‑8 | Multiple accesses of a mapping/array should use a local variable cache | 439 | 35120 |
| GAS‑9 | Optimize names to save gas | 80 | 1760 |
| GAS‑10 | Using private rather than public for constants, saves gas | 20 | 68000 |
| GAS‑11 | require() Should Be Used Instead Of assert() | 3 | 24 |
| GAS‑12 | The result of a function call should be cached rather than re-calling the function | 394 | 19700 |
| GAS‑13 | Shorten the array rather than copying to a new one | 23 | 1150 |
| GAS‑14 | Splitting require() Statements That Use && Saves Gas | 1 | 9 |
| GAS‑15 | State variables can be packed into fewer storage slots | 1 | 2000 |
| GAS‑16 | Help The Optimizer By Saving A Storage Variable’s Reference Instead Of Repeatedly Fetching It | 23 | 1242 |
| GAS‑17 | Use v4.9.0 OpenZeppelin contracts | 1 | 28 |
| GAS‑18 | Use Short Circuiting rules to your advantage | 1 | 1000 |
Total: 1186 contexts over 18 issues
abi.encode() is less efficient than abi.encodepacked()See for more information: https://github.com/ConnorBlockchain/Solidity-Encode-Gas-Comparison
File: ERC20MultiVotes.sol 368: "/x19/x01", DOMAIN_SEPARATOR(), keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry))
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L368
File: GovernorBravoDelegateMaia.sol 198: !timelock.queuedTransactions(keccak256(abi.encode(target, value, signature, data, eta))),
File: GovernorBravoDelegateMaia.sol 346: keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(name)), getChainIdInternal(), address(this)));
File: GovernorBravoDelegateMaia.sol 347: bytes32 structHash = keccak256(abi.encode(BALLOT_TYPEHASH, proposalId, support));
File: PoolActions.sol 51: abi.encode(SwapCallbackData({zeroForOne: zeroForOne}))
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolActions.sol#L51
File: ArbitrumCoreBranchRouter.sol 53: bytes memory data = abi.encode(_underlyingAddress, address(0), name, symbol);
File: ArbitrumCoreBranchRouter.sol 98: bytes memory data = abi.encode(newBridgeAgent, _rootBridgeAgent);
File: CoreBranchRouter.sol 48: bytes memory data = abi.encode(msg.sender, _globalAddress, _toChain, _rootExecutionGas);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L48
File: CoreBranchRouter.sol 72: bytes memory data = abi.encode(_underlyingAddress, newToken, name, symbol);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L72
File: CoreBranchRouter.sol 105: bytes memory data = abi.encode(_globalAddress, newToken);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L105
File: CoreBranchRouter.sol 148: bytes memory data = abi.encode(newBridgeAgent, _rootBridgeAgent);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L148
File: CoreRootRouter.sol 107: bytes memory data = abi.encode(
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L107
File: CoreRootRouter.sol 158: bytes memory data = abi.encode(
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L158
File: CoreRootRouter.sol 238: bytes memory data = abi.encode(_branchBridgeAgentFactory);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L238
File: CoreRootRouter.sol 259: bytes memory data = abi.encode(_branchBridgeAgent);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L259
File: CoreRootRouter.sol 282: bytes memory data = abi.encode(_underlyingToken, _minimumReservesRatio);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L282
File: CoreRootRouter.sol 309: bytes memory data = abi.encode(_portStrategy, _underlyingToken, _dailyManagementLimit, _isUpdateDailyLimit);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreRootRouter.sol#L309
File: RootBridgeAgent.sol 689: abi.encode(SwapCallbackData({tokenIn: gasTokenGlobalAddress}))
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L689
File: RootBridgeAgent.sol 733: abi.encode(SwapCallbackData({tokenIn: address(wrappedNativeToken)}))
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L733
File: IncentiveId.sol 17: return keccak256(abi.encode(key));
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/IncentiveId.sol#L17
</details>via-ir for deployingThe IR-based code generator was introduced with an aim to not only allow code generation to be more transparent and auditable but also to enable more powerful optimization passes that span across functions.
You can enable it on the command line using --via-ir or with the option {"viaIR": true}.
This will take longer to compile, but you can just simple test it before deploying and if you got a better benchmark then you can add --via-ir to your deploy command
More on: https://docs.soliditylang.org/en/v0.8.17/ir-breaking-changes.html
abi.decode to extract calldata values more efficientlyInstead of using abi.decode, we can use assembly to decode our desired calldata values directly. This will allow us to avoid decoding calldata values that we will not use.
For example, for a generic abi.decode call:
(bytes32 varA, bytes32 varB, uint256 varC, uint256 varD) = abi.decode(metadata, (bytes32, bytes32, uint256, uint256));
We can use the following assembly call to extract the relevant metadata:
bytes32 varA; bytes32 varB; uint256 varC; uint256 varD; { // used to discard `data` variable and avoid extra stack manipulation bytes calldata data = metadata; assembly { varA := calldataload(add(data.offset, 0x00)) varB := calldataload(add(data.offset, 0x20)) varC := calldataload(add(data.offset, 0x40)) varD := calldataload(add(data.offset, 0x60)) } }
File: ArbitrumCoreBranchRouter.sol 143: (address underlyingToken, uint256 minimumReservesRatio) = abi.decode(_data[1:], (address, uint256));
File: CoreBranchRouter.sol 268: (address underlyingToken, uint256 minimumReservesRatio) = abi.decode(_data[1:], (address, uint256));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L268
We can use assembly to emit events efficiently by utilizing scratch space and the free memory pointer. This will allow us to potentially avoid memory expansion costs.
Note: In order to do this optimization safely, we will need to cache and restore the free memory pointer.
For example, for a generic emit event for eventSentAmountExample:
// uint256 id, uint256 value, uint256 amount emit eventSentAmountExample(id, value, amount);
We can use the following assembly emit events:
assembly { let memptr := mload(0x40) mstore(0x00, calldataload(0x44)) mstore(0x20, calldataload(0xa4)) mstore(0x40, amount) log1( 0x00, 0x60, // keccak256("eventSentAmountExample(uint256,uint256,uint256)") 0xa622cf392588fbf2cd020ff96b2f4ebd9c76d7a4bc7f3e6b2f18012312e76bc3 ) mstore(0x40, memptr) }
File: ERC20Boost.sol 128: emit UpdateUserBoost(user, userGaugeBoost); 134: emit Attach(user, msg.sender, userGaugeBoost);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L128
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L134
File: ERC20Boost.sol 142: emit Detach(user, msg.sender);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L142
File: ERC20Boost.sol 171: emit UpdateUserBoost(user, userBoost);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L171
File: ERC20Boost.sol 181: emit Detach(msg.sender, gauge); 185: emit DecrementUserGaugeBoost(msg.sender, gauge, gaugeState.userGaugeBoost);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L181
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L185
File: ERC20Boost.sol 194: emit Detach(msg.sender, gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L194
File: ERC20Boost.sol 216: emit Detach(msg.sender, gauge); 220: emit DecrementUserGaugeBoost(msg.sender, gauge, gaugeState.userGaugeBoost);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L216
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L220
File: ERC20Boost.sol 242: emit Detach(msg.sender, gauge); 251: emit UpdateUserBoost(msg.sender, 0);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L242
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L251
File: ERC20Boost.sol 269: emit AddGauge(gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L269
File: ERC20Boost.sol 281: emit RemoveGauge(gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L281
File: ERC20Gauges.sol 219: emit IncrementGaugeWeight(user, gauge, weight, cycle);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L219
File: ERC20Gauges.sol 307: emit DecrementGaugeWeight(user, gauge, weight, cycle);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L307
File: ERC20Gauges.sol 421: emit AddGauge(gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L421
File: ERC20Gauges.sol 445: emit RemoveGauge(gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L445
File: ERC20Gauges.sol 459: emit MaxGaugesUpdate(oldMax, newMax);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L459
File: ERC20Gauges.sol 468: emit CanContractExceedMaxGaugesUpdate(account, canExceedMax);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L468
File: ERC20MultiVotes.sol 100: emit MaxDelegatesUpdate(oldMax, newMax);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L100
File: ERC20MultiVotes.sol 109: emit CanContractExceedMaxDelegatesUpdate(account, canExceedMax);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L109
File: ERC20MultiVotes.sol 178: emit DelegateChanged(delegator, oldDelegatee, newDelegatee);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L178
File: ERC20MultiVotes.sol 202: emit Delegation(delegator, delegatee, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L202
File: ERC20MultiVotes.sol 231: emit Undelegation(delegator, delegatee, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L231
File: ERC20MultiVotes.sol 255: emit DelegateVotesChanged(delegatee, oldWeight, newWeight);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L255
File: ERC20MultiVotes.sol 347: emit Undelegation(user, delegatee, votesToFree);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L347
File: ERC4626.sol 41: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L41
File: ERC4626.sol 55: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L55
File: ERC4626.sol 74: emit Withdraw(msg.sender, receiver, owner, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L74
File: ERC4626.sol 94: emit Withdraw(msg.sender, receiver, owner, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L94
File: ERC4626DepositOnly.sol 41: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L41
File: ERC4626DepositOnly.sol 55: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L55
File: ERC4626MultiToken.sol 57: emit AssetAdded(_assets[i], _weights[i]);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L57
File: ERC4626MultiToken.sol 107: emit Deposit(msg.sender, receiver, assetsAmounts, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L107
File: ERC4626MultiToken.sol 126: emit Deposit(msg.sender, receiver, assetsAmounts, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L126
File: ERC4626MultiToken.sol 150: emit Withdraw(msg.sender, receiver, owner, assetsAmounts, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L150
File: ERC4626MultiToken.sol 182: emit Withdraw(msg.sender, receiver, owner, assetsAmounts, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L182
File: UlyssesERC4626.sol 44: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L44
File: UlyssesERC4626.sol 56: emit Deposit(msg.sender, receiver, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L56
File: UlyssesERC4626.sol 77: emit Withdraw(msg.sender, receiver, owner, assets, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L77
File: BaseV2Gauge.sol 93: emit Distribute(accruedRewards, _newEpoch);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L93
File: BaseV2Gauge.sol 140: emit AddedBribeFlywheel(bribeFlywheel);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L140
File: BaseV2Gauge.sol 151: emit RemoveBribeFlywheel(bribeFlywheel);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L151
File: UniswapV3Gauge.sol 65: emit NewMinimumWidth(_minimumWidth);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/UniswapV3Gauge.sol#L65
File: BaseV2GaugeManager.sol 117: emit AddedGaugeFactory(address(gaugeFactory));
File: BaseV2GaugeManager.sol 129: emit RemovedGaugeFactory(address(gaugeFactory));
File: BaseV2GaugeManager.sol 141: emit ChangedbHermesGaugeOwner(newOwner);
File: BaseV2GaugeManager.sol 148: emit ChangedAdmin(newAdmin);
File: BribesFactory.sol 98: emit BribeFlywheelCreated(bribeToken, flywheel);
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L98
File: GovernorBravoDelegateMaia.sol 187: emit ProposalQueued(proposalId, eta);
File: GovernorBravoDelegateMaia.sol 220: emit ProposalExecuted(proposalId);
File: GovernorBravoDelegateMaia.sol 257: emit ProposalCanceled(proposalId);
File: GovernorBravoDelegateMaia.sol 327: emit VoteCast(msg.sender, proposalId, support, castVoteInternal(msg.sender, proposalId, support), "");
File: GovernorBravoDelegateMaia.sol 337: emit VoteCast(msg.sender, proposalId, support, castVoteInternal(msg.sender, proposalId, support), reason);
File: GovernorBravoDelegateMaia.sol 351: emit VoteCast(signatory, proposalId, support, castVoteInternal(signatory, proposalId, support), "");
File: GovernorBravoDelegateMaia.sol 406: emit VotingDelaySet(oldVotingDelay, votingDelay);
File: GovernorBravoDelegateMaia.sol 422: emit VotingPeriodSet(oldVotingPeriod, votingPeriod);
File: GovernorBravoDelegateMaia.sol 439: emit ProposalThresholdSet(oldProposalThreshold, proposalThreshold);
File: GovernorBravoDelegateMaia.sol 454: emit WhitelistAccountExpirationSet(account, expiration);
File: GovernorBravoDelegateMaia.sol 466: emit WhitelistGuardianSet(oldGuardian, whitelistGuardian);
File: GovernorBravoDelegateMaia.sol 498: emit NewPendingAdmin(oldPendingAdmin, newPendingAdmin);
File: GovernorBravoDelegateMaia.sol 521: emit NewAdmin(oldAdmin, admin); 522: emit NewPendingAdmin(oldPendingAdmin, pendingAdmin);
File: GovernorBravoDelegator.sol 50: emit NewImplementation(oldImplementation, implementation);
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L50
File: UtilityManager.sol 74: emit ForfeitWeight(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L74
File: UtilityManager.sol 83: emit ForfeitBoost(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L83
File: UtilityManager.sol 92: emit ForfeitGovernance(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L92
File: UtilityManager.sol 115: emit ClaimWeight(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L115
File: UtilityManager.sol 124: emit ClaimBoost(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L124
File: UtilityManager.sol 133: emit ClaimGovernance(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/UtilityManager.sol#L133
File: BaseV2Minter.sol 147: emit Mint(msg.sender, newWeeklyEmission, _circulatingSupply, _growth, share);
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L147
File: PartnerManagerFactory.sol 63: emit AddedPartner(newPartnerManager, id);
File: PartnerManagerFactory.sol 72: emit AddedVault(newVault, id);
File: PartnerManagerFactory.sol 85: emit RemovedPartner(partnerManager);
File: PartnerManagerFactory.sol 94: emit RemovedVault(vault);
File: ERC4626PartnerManager.sol 208: emit MigratePartnerVault(address(this), newPartnerVault);
https://github.com/code-423n4/2023-05-maia/tree/main/src/maia/tokens/ERC4626PartnerManager.sol#L208
File: GovernorBravoDelegator.sol 49: emit NewImplementation(oldImplementation, implementation);
File: FlywheelCore.sol 102: emit ClaimRewards(user, accrued);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L102
File: FlywheelCore.sol 121: emit AddStrategy(address(strategy));
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L121
File: FlywheelCore.sol 133: emit FlywheelRewardsUpdate(address(newFlywheelRewards));
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L133
File: FlywheelCore.sol 140: emit FlywheelBoosterUpdate(address(newBooster));
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L140
File: FlywheelCore.sol 206: emit AccrueRewards(strategy, user, supplierDelta, index);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L206
File: MultiRewardsDepot.sol 53: emit AssetAdded(rewardsContract, asset);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/MultiRewardsDepot.sol#L53
File: MultiRewardsDepot.sol 60: emit AssetRemoved(rewardsContract, _assets[rewardsContract]);
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/depots/MultiRewardsDepot.sol#L60
File: FlywheelAcummulatedRewards.sol 53: emit NewRewardsCycle(timestamp, newEndCycle, amount);
File: FlywheelBribeRewards.sol 41: emit AddRewardsDepot(msg.sender, rewardsDepot);
File: FlywheelGaugeRewards.sol 103: emit CycleStart(currentCycle, totalQueuedForCycle);
File: FlywheelGaugeRewards.sol 147: emit CycleStart(currentCycle, queued);
File: FlywheelGaugeRewards.sol 195: emit QueueRewards(address(gauge), currentCycle, nextRewards);
File: TalosStrategyVanilla.sol 124: emit CollectFees(earnedProtocolFees0, earnedProtocolFees1, collect0, collect1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L124
File: TalosStrategyVanilla.sol 133: emit Snapshot(balance0, balance1); 152: emit CompoundFees(amount0, amount1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L133
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/TalosStrategyVanilla.sol#L152
File: TalosBaseStrategy.sol 160: emit Initialize(tokenId, msg.sender, receiver, amount0, amount1, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L160
File: TalosBaseStrategy.sol 221: emit Deposit(msg.sender, receiver, amount0, amount1, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L221
File: TalosBaseStrategy.sol 279: emit Redeem(msg.sender, receiver, _owner, amount0, amount1, shares);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L279
File: TalosBaseStrategy.sol 305: emit Rerange(tokenId, tickLower, tickUpper, amount0, amount1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L305
File: TalosBaseStrategy.sol 318: emit Rerange(tokenId, tickLower, tickUpper, amount0, amount1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L318
File: TalosBaseStrategy.sol 414: emit RewardPaid(msg.sender, amount0, amount1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L414
File: PoolActions.sol 71: emit Snapshot(balance0, balance1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolActions.sol#L71
File: PoolVariables.sol 229: emit Snapshot(cache.amount0Desired, cache.amount1Desired);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L229
File: UlyssesPool.sol 1140: emit Swap(msg.sender, poolId, assets);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L1140
File: UlyssesToken.sol 54: emit AssetAdded(asset, _weight);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L54
File: UlyssesToken.sol 80: emit AssetRemoved(asset);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L80
File: UlyssesToken.sol 98: emit AssetRemoved(assets[i]); 99: emit AssetAdded(assets[i], _weights[i]);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L98-L99
File: BranchBridgeAgent.sol 1214: emit LogCallin(flag, data, rootChainId); 1214: emit LogCallin(flag, data, rootChainId);
File: BranchBridgeAgent.sol 1250: emit LogCalloutFail(flag, data, rootChainId); 1250: emit LogCalloutFail(flag, data, rootChainId); 1250: emit LogCalloutFail(flag, data, rootChainId); 1250: emit LogCalloutFail(flag, data, rootChainId);
File: BranchPort.sol 168: emit DebtCreated(msg.sender, _token, _amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L168
File: BranchPort.sol 185: emit DebtRepaid(_strategy, _token, amountToWithdraw);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L185
File: BranchPort.sol 313: emit BridgeAgentFactoryAdded(_newBridgeAgentFactory);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L313
File: BranchPort.sol 320: emit BridgeAgentFactoryToggled(_newBridgeAgentFactory);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L320
File: BranchPort.sol 327: emit BridgeAgentToggled(_bridgeAgent);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L327
File: BranchPort.sol 338: emit StrategyTokenAdded(_token, _minimumReservesRatio);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L338
File: BranchPort.sol 345: emit StrategyTokenToggled(_token);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L345
File: BranchPort.sol 359: emit PortStrategyAdded(_portStrategy, _token, _dailyManagementLimit);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L359
File: BranchPort.sol 366: emit PortStrategyToggled(_portStrategy, _token);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L366
File: BranchPort.sol 376: emit PortStrategyUpdated(_portStrategy, _token, _dailyManagementLimit);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L376
File: RootBridgeAgent.sol 1168: emit LogCallin(flag, data, fromChainId);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1168
File: RootBridgeAgent.sol 1211: emit LogCalloutFail(flag, data, fromChainId);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1211
File: RootPort.sol 257: emit LocalTokenAdded(_underlyingAddress, _localAddress, _globalAddress, _fromChain);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L257
File: RootPort.sol 268: emit GlobalTokenAdded(_localAddress, _globalAddress, _fromChain);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L268
File: RootPort.sol 353: emit VirtualAccountCreated(_user, address(newAccount));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L353
File: RootPort.sol 374: emit BridgeAgentAdded(_bridgeAgent, _manager);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L374
File: RootPort.sol 391: emit BridgeAgentSynced(_newBranchBridgeAgent, _rootBridgeAgent, _branchChainId);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L391
File: RootPort.sol 402: emit BridgeAgentToggled(_bridgeAgent);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L402
File: RootPort.sol 409: emit BridgeAgentFactoryAdded(_bridgeAgentFactory);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L409
File: RootPort.sol 416: emit BridgeAgentFactoryToggled(_bridgeAgentFactory);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L416
File: RootPort.sol 480: emit NewChainAdded(_chainId);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L480
File: RootPort.sol 487: emit GasPoolInfoSet(_chainId, _gasPoolInfo);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L487
File: RootPort.sol 502: emit EcosystemTokenAdded(_ecoTokenGlobalAddress);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L502
File: UniswapV3Staker.sol 153: emit IncentiveCreated(pool, startTime, reward);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L153
File: UniswapV3Staker.sol 179: emit IncentiveCreated(key.pool, startTime, reward);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L179
File: UniswapV3Staker.sol 208: emit IncentiveEnded(incentiveId, refund);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L208
File: UniswapV3Staker.sol 230: emit DepositTransferred(tokenId, address(0), from);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L230
File: UniswapV3Staker.sol 252: emit DepositTransferred(tokenId, msg.sender, address(0));
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L252
File: UniswapV3Staker.sol 273: emit RewardClaimed(to, reward);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L273
File: UniswapV3Staker.sol 283: emit RewardClaimed(to, reward);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L283
File: UniswapV3Staker.sol 458: emit TokenUnstaked(tokenId, incentiveId);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L458
File: UniswapV3Staker.sol 518: emit TokenStaked(tokenId, incentiveId, liquidity);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L518
File: UniswapV3Staker.sol 532: emit GaugeUpdated(uniswapV3Pool, uniswapV3Gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L532
File: UniswapV3Staker.sol 548: emit BribeDepotUpdated(uniswapV3Pool, newDepot);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L548
File: UniswapV3Staker.sol 558: emit PoolMinimumWidthUpdated(uniswapV3Pool, minimumWidth);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L558
</details>stringAs a rule of thumb, use bytes for arbitrary-length raw byte data and string for arbitrary-length string (UTF-8) data. If you can limit the length to a certain number of bytes, always use one of bytes1 to bytes32 because they are much cheaper.
File: GovernorBravoDelegateMaia.sol 9: string public constant name = "vMaia Governor Bravo";
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegateMaia.sol#L9
delete statement can save gasFile: ERC20Boost.sol 151: uint256 userBoost = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L151
File: ERC20Boost.sol 249: getUserBoost[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L249
File: ERC20MultiVotes.sol 67: uint256 low = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L67
File: ERC20MultiVotes.sol 340: _delegatesVotesCount[user][delegatee] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L340
File: GovernorBravoDelegateMaia.sol 149: newProposal.eta = 0; 156: newProposal.forVotes = 0; 157: newProposal.againstVotes = 0; 158: newProposal.abstainVotes = 0;
File: BaseV2Minter.sol 165: weekly = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/hermes/minters/BaseV2Minter.sol#L165
File: FlywheelCore.sol 98: rewardsAccrued[user] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L98
File: FlywheelAcummulatedRewards.sol 55: amount = 0;
File: FlywheelGaugeRewards.sol 100: nextCycleQueuedRewards = 0; 101: paginationOffset = 0;
File: FlywheelGaugeRewards.sol 122: paginationOffset = 0; 145: nextCycleQueuedRewards = 0; 122: paginationOffset = 0;
File: FlywheelGaugeRewards.sol 225: cycleRewardsNext = 0;
File: TalosBaseStrategy.sol 362: liquidity = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L362
File: PoolVariables.sol 211: secondsAgo[1] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L211
File: UlyssesToken.sol 78: assetId[asset] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L78
File: UniswapV3Staker.sol 202: incentive.totalRewardUnclaimed = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L202
File: UniswapV3Staker.sol 268: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L268
File: UniswapV3Staker.sol 279: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L279
File: UniswapV3Staker.sol 406: _userAttachements[owner][key.pool] = 0; 426: deposit.stakedTimestamp = 0; 454: stake.secondsPerLiquidityInsideInitialX128 = 0; 455: stake.liquidityNoOverflow = 0; 456: if (liquidity >= type(uint96).max) stake.liquidityIfOverflow = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L406
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L426
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L454
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L455
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L456
</details>> 0 costs more gas than != 0 when used on a uint in a require() statementThis change saves 6 gas per instance
File: ERC4626MultiToken.sol 52: require(_weights[i] > 0);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L52
File: UlyssesToken.sol 47: require(_weight > 0);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L47
Caching a mapping's value in a local storage or calldata variable when the value is accessed multiple times saves ~42 gas per access due to not having to perform the same offset calculation every time. Help the Optimizer by saving a storage variable's reference instead of repeatedly fetching it
To help the optimizer,declare a storage type variable and use it instead of repeatedly fetching the reference in a map or an array. As an example, instead of repeatedly calling someMap[someIndex], save its reference like this: SomeStruct storage someStruct = someMap[someIndex] and use it.
File: ERC20Boost.sol 126: if (getUserBoost[user] < userGaugeBoost) { 127: getUserBoost[user] = userGaugeBoost;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L126-L127
File: ERC20Gauges.sol 233: newUserWeight = getUserWeight[user] + weight; 239: getUserWeight[user] = newUserWeight; 318: getUserWeight[user] = newUserWeight;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L239
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L318
File: ERC20Gauges.sol 295: uint112 oldWeight = getUserGaugeWeight[user][gauge]; 299: getUserGaugeWeight[user][gauge] = oldWeight - weight;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L295
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L299
File: ERC20Gauges.sol 317: newUserWeight = getUserWeight[user] - weight; 239: getUserWeight[user] = newUserWeight; 318: getUserWeight[user] = newUserWeight;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L317
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L239
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L318
File: ERC20MultiVotes.sol 222: uint256 newDelegates = _delegatesVotesCount[delegator][delegatee] - amount; 228: _delegatesVotesCount[delegator][delegatee] = newDelegates;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L222
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L228
File: ERC20MultiVotes.sol 247: uint256 oldWeight = pos == 0 ? 0 : ckpts[pos - 1].votes; 250: if (pos > 0 && ckpts[pos - 1].fromBlock == block.number) { 251: ckpts[pos - 1].votes = newWeight.toUint224();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L247
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L250
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L251
File: ERC20MultiVotes.sol 330: uint256 delegateVotes = _delegatesVotesCount[user][delegatee]; 340: _delegatesVotesCount[user][delegatee] = 0; 343: _delegatesVotesCount[user][delegatee] -= votesToFree;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L330
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L340
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L343
File: ERC4626.sol 65: uint256 allowed = allowance[owner][msg.sender]; 82: uint256 allowed = allowance[owner][msg.sender]; 67: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares; 84: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L65
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L82
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L67
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L84
File: ERC4626MultiToken.sol 52: require(_weights[i] > 0); 54: _totalWeights += _weights[i];
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L52
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L54
File: ERC4626MultiToken.sol 141: uint256 allowed = allowance[owner][msg.sender]; 163: uint256 allowed = allowance[owner][msg.sender]; 143: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares; 165: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L141
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L163
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L143
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L165
File: UlyssesERC4626.sol 66: uint256 allowed = allowance[owner][msg.sender]; 68: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L66
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/UlyssesERC4626.sol#L68
File: BaseV2Gauge.sol 130: if (added[bribeFlywheel]) revert FlywheelAlreadyAdded(); 138: added[bribeFlywheel] = true;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L130
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/BaseV2Gauge.sol#L138
File: BaseV2GaugeFactory.sol 110: if (address(strategyGauges[strategy]) != address(0)) revert GaugeAlreadyExists(); 113: strategyGauges[strategy] = gauge;
File: BaseV2GaugeManager.sol 111: if (activeGaugeFactories[gaugeFactory]) revert GaugeFactoryAlreadyExists(); 115: activeGaugeFactories[gaugeFactory] = true;
File: BribesFactory.sol 73: if (address(flywheelTokens[bribeToken]) == address(0)) createBribeFlywheel(bribeToken); 75: flywheelTokens[bribeToken].addStrategyForRewards(ERC20(gauge));
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L73
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L75
File: BribesFactory.sol 80: if (address(flywheelTokens[bribeToken]) != address(0)) revert BribeFlywheelAlreadyExists(); 89: flywheelTokens[bribeToken] = flywheel;
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L80
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BribesFactory.sol#L89
File: FlywheelCore.sol 95: uint256 accrued = rewardsAccrued[user]; 98: rewardsAccrued[user] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L95
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L98
File: FlywheelCore.sol 116: require(strategyIndex[strategy] == 0, "strategy"); 117: strategyIndex[strategy] = ONE;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L116-L117
File: FlywheelCore.sol 183: uint256 supplierIndex = userIndex[strategy][user]; 186: userIndex[strategy][user] = index; 202: uint256 supplierAccrued = rewardsAccrued[user] + supplierDelta; 204: rewardsAccrued[user] = supplierAccrued;
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L183
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L186
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L202
https://github.com/code-423n4/2023-05-maia/tree/main/src/rewards/base/FlywheelCore.sol#L204
File: FlywheelGaugeRewards.sol 179: QueuedRewards memory queuedRewards = gaugeQueuedRewards[gauge]; 189: gaugeQueuedRewards[gauge] = QueuedRewards({
File: FlywheelGaugeRewards.sol 204: QueuedRewards memory queuedRewards = gaugeQueuedRewards[ERC20(msg.sender)]; 228: gaugeQueuedRewards[ERC20(msg.sender)] = QueuedRewards({
File: TalosBaseStrategy.sol 247: uint256 allowed = allowance[_owner][msg.sender]; 249: if (allowed != type(uint256).max) allowance[_owner][msg.sender] = allowed - shares;
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L247
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L249
File: UlyssesPool.sol 131: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 176: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 212: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 233: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 297: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 133: assets += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 135: assets += bandwidthStateList[i].bandwidth;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L176
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L297
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L133
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L135
File: UlyssesPool.sol 165: if (destinationIds[address(destination)] != 0 || destinationId == id) revert InvalidPool(); 131: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 176: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 212: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 233: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 297: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 178: oldRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 235: oldRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 190: uint256 oldBandwidth = bandwidthStateList[i].bandwidth; 255: uint256 oldBandwidth = bandwidthStateList[i].bandwidth; 192: bandwidthStateList[i].bandwidth = oldBandwidth.mulDivUp(oldTotalWeights, newTotalWeights).toUint248(); 194: newBandwidth += oldBandwidth - bandwidthStateList[i].bandwidth; 207: destinationIds[address(destination)] = index; 131: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 176: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 212: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 233: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 297: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 214: newRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 299: newRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L165
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L176
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L297
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L178
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L235
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L190
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L255
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L192
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L194
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L207
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L176
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L297
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L214
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L299
File: UlyssesPool.sol 131: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 176: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 212: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 233: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 297: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 178: oldRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 235: oldRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 190: uint256 oldBandwidth = bandwidthStateList[i].bandwidth; 255: uint256 oldBandwidth = bandwidthStateList[i].bandwidth; 192: bandwidthStateList[i].bandwidth = 257: bandwidthStateList[i].bandwidth = 260: leftOverBandwidth += oldBandwidth - bandwidthStateList[i].bandwidth; 281: bandwidthStateList[i].bandwidth += leftOverBandwidth.toUint248(); 281: bandwidthStateList[i].bandwidth += 283: bandwidthStateList[i].bandwidth += 284: leftOverBandwidth.mulDiv(bandwidthStateList[i].weight, weightsWithoutPool).toUint248(); 131: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 176: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 212: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 233: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 297: uint256 targetBandwidth = totalSupply.mulDiv(bandwidthStateList[i].weight, totalWeights); 214: newRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false); 299: newRebalancingFee += _calculateRebalancingFee(bandwidthStateList[i].bandwidth, targetBandwidth, false);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L176
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L297
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L178
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L235
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L190
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L255
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L192
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L257
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L260
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L281
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L281
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L283
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L284
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L131
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L176
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L212
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L233
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L297
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L214
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L299
File: UlyssesRouter.sol 32: ulysses = pools[id]; 38: pools[id] = ulysses;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L32
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L38
File: UlyssesToken.sol 45: if (assetId[asset] != 0) revert AssetAlreadyAdded(); 49: assetId[asset] = assets.length + 1;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L45
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L49
File: UlyssesToken.sol 62: uint256 assetIndex = assetId[asset] - 1; 78: assetId[asset] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L62
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L78
File: UlyssesToken.sol 112: uint256 assetBalance = assets[i].balanceOf(address(this)); 116: assets[i].safeTransfer(msg.sender, assetBalance - newAssetBalance); 118: assets[i].safeTransferFrom(msg.sender, address(this), newAssetBalance - assetBalance);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L112
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L116
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesToken.sol#L118
File: ArbitrumCoreBranchRouter.sol 118: if (_data[0] == 0x02) { 124: ) = abi.decode(_data[1:], (address, address, address, address, uint128)); 131: } else if (_data[0] == 0x03) { 132: (address bridgeAgentFactoryAddress) = abi.decode(_data[1:], (address)); 137: } else if (_data[0] == 0x04) { 138: (address branchBridgeAgent) = abi.decode(_data[1:], (address)); 142: } else if (_data[0] == 0x05) { 143: (address underlyingToken, uint256 minimumReservesRatio) = abi.decode(_data[1:], (address, uint256)); 147: } else if (_data[0] == 0x06) { 149: abi.decode(_data[1:], (address, address, uint256, bool));
File: BranchBridgeAgent.sol 327: if (getDeposit[_depositNonce].owner != msg.sender) revert NotDepositOwner(); 332: if (uint8(getDeposit[_depositNonce].hTokens.length) == 1) { 338: getDeposit[_depositNonce].hTokens[0], 353: getDeposit[_depositNonce].hTokens[0], 339: getDeposit[_depositNonce].tokens[0], 354: getDeposit[_depositNonce].tokens[0], 340: getDeposit[_depositNonce].amounts[0], 355: getDeposit[_depositNonce].amounts[0], 342: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 357: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 338: getDeposit[_depositNonce].hTokens[0], 353: getDeposit[_depositNonce].hTokens[0], 339: getDeposit[_depositNonce].tokens[0], 354: getDeposit[_depositNonce].tokens[0], 340: getDeposit[_depositNonce].amounts[0], 355: getDeposit[_depositNonce].amounts[0], 342: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 357: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 365: } else if (uint8(getDeposit[_depositNonce].hTokens.length) > 1) { 373: uint8(getDeposit[_depositNonce].hTokens.length), 375: getDeposit[nonce].hTokens, 389: getDeposit[nonce].hTokens, 376: getDeposit[nonce].tokens, 390: getDeposit[nonce].tokens, 377: getDeposit[nonce].amounts, 391: getDeposit[nonce].amounts, 378: _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), 392: _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), 387: uint8(getDeposit[nonce].hTokens.length), 375: getDeposit[nonce].hTokens, 389: getDeposit[nonce].hTokens, 376: getDeposit[nonce].tokens, 390: getDeposit[nonce].tokens, 377: getDeposit[nonce].amounts, 391: getDeposit[nonce].amounts, 378: _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), 392: _normalizeDecimalsMultiple(getDeposit[nonce].deposits, getDeposit[nonce].tokens), 408: getDeposit[_depositNonce].status = DepositStatus.Success; 411: getDeposit[_depositNonce].depositedGas = msg.value.toUint128();
File: BranchBridgeAgent.sol 613: _deposits[i] = uint256( 627: if (_deposits[i] > 0) {
File: BranchBridgeAgent.sol 1069: if (minExecCost > getDeposit[_depositNonce].depositedGas) { 1075: getDeposit[_depositNonce].depositedGas -= minExecCost.toUint128();
File: BranchBridgeAgent.sol 1145: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1167: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1148: if (executionHistory[nonce]) { 1170: if (executionHistory[nonce]) { 1194: if (executionHistory[nonce]) { 1162: executionHistory[nonce] = true; 1186: executionHistory[nonce] = true; 1210: executionHistory[nonce] = true; 1145: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1167: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1148: if (executionHistory[nonce]) { 1170: if (executionHistory[nonce]) { 1194: if (executionHistory[nonce]) { 1162: executionHistory[nonce] = true; 1186: executionHistory[nonce] = true; 1210: executionHistory[nonce] = true; 1148: if (executionHistory[nonce]) { 1170: if (executionHistory[nonce]) { 1194: if (executionHistory[nonce]) { 1162: executionHistory[nonce] = true; 1186: executionHistory[nonce] = true; 1210: executionHistory[nonce] = true;
File: BranchBridgeAgentExecutor.sol 135: + (uint8(bytes1(_data[PARAMS_START_SIGNED])) * uint16(PARAMS_TKN_SET_SIZE)) 144: + (uint8(bytes1(_data[PARAMS_START_SIGNED])) * uint16(PARAMS_TKN_SET_SIZE)) 135: + (uint8(bytes1(_data[PARAMS_START_SIGNED])) * uint16(PARAMS_TKN_SET_SIZE)) 144: + (uint8(bytes1(_data[PARAMS_START_SIGNED])) * uint16(PARAMS_TKN_SET_SIZE)) 149: PARAMS_END_SIGNED_OFFSET + (uint8(bytes1(_data[PARAMS_START_SIGNED])) * PARAMS_TKN_SET_SIZE):
File: BranchPort.sol 101: require(!isBridgeAgentFactory[_bridgeAgentFactory], "Contract already initialized"); 107: isBridgeAgentFactory[_bridgeAgentFactory] = true;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L101
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L107
File: BranchPort.sol 194: if (block.timestamp - lastManaged[msg.sender][_token] >= 1 days) { 198: lastManaged[msg.sender][_token] = block.timestamp;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L194
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/BranchPort.sol#L198
File: CoreBranchRouter.sol 237: if (_data[0] == 0x01) { 239: abi.decode(_data[1:], (address, string, string, uint128)); 243: } else if (_data[0] == 0x02) { 250: ) = abi.decode(_data[1:], (address, address, address, address, uint128)); 257: } else if (_data[0] == 0x03) { 258: (address bridgeAgentFactoryAddress) = abi.decode(_data[1:], (address)); 262: } else if (_data[0] == 0x04) { 263: (address branchBridgeAgent) = abi.decode(_data[1:], (address)); 267: } else if (_data[0] == 0x05) { 268: (address underlyingToken, uint256 minimumReservesRatio) = abi.decode(_data[1:], (address, uint256)); 272: } else if (_data[0] == 0x06) { 274: abi.decode(_data[1:], (address, address, uint256, bool));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L237
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L239
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L243
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L250
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L257
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L258
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L262
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L263
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L267
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L268
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L272
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/CoreBranchRouter.sol#L274
File: RootBridgeAgent.sol 257: address depositOwner = getSettlement[_depositNonce].owner; 260: if (getSettlement[_depositNonce].status != SettlementStatus.Failed || depositOwner == address(0)) {
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L257
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L260
File: RootBridgeAgent.sol 598: if (settlement.hTokens[i] != address(0)) { 602: IPort(localPortAddress).getGlobalTokenFromLocal(settlement.hTokens[i], settlement.toChain),
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L598
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L602
File: RootBridgeAgent.sol 839: if (minExecCost > getSettlement[_settlementNonce].gasToBridgeOut) { 845: getSettlement[_settlementNonce].gasToBridgeOut -= minExecCost.toUint128();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L839
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L845
File: RootBridgeAgent.sol 916: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 941: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 966: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 916: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 941: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 966: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 916: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 941: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 966: uint32 nonce = uint32(bytes4(data[PARAMS_START:PARAMS_TKN_START])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 1014: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1050: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1085: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 1025: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1061: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1096: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 1014: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1050: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1085: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 1025: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1061: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1096: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 1014: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1050: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1085: uint32 nonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 1025: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1061: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 1096: address(uint160(bytes20(data[PARAMS_START:PARAMS_START_SIGNED]))) 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 1120: uint32 nonce = uint32(bytes4(data[1:5])); 1143: uint32 nonce = uint32(bytes4(data[1:5])); 919: if (executionHistory[fromChainId][nonce]) { 944: if (executionHistory[fromChainId][nonce]) { 969: if (executionHistory[fromChainId][nonce]) { 993: if (executionHistory[fromChainId][nonce]) { 1017: if (executionHistory[fromChainId][nonce]) { 1053: if (executionHistory[fromChainId][nonce]) { 1088: if (executionHistory[fromChainId][nonce]) { 1123: if (executionHistory[fromChainId][nonce]) { 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true; 1120: uint32 nonce = uint32(bytes4(data[1:5])); 1143: uint32 nonce = uint32(bytes4(data[1:5])); 936: executionHistory[fromChainId][nonce] = true; 961: executionHistory[fromChainId][nonce] = true; 985: executionHistory[fromChainId][nonce] = true; 1009: executionHistory[fromChainId][nonce] = true; 1045: executionHistory[fromChainId][nonce] = true; 1080: executionHistory[fromChainId][nonce] = true; 1115: executionHistory[fromChainId][nonce] = true; 1138: executionHistory[fromChainId][nonce] = true; 1148: executionHistory[fromChainId][nonce] = true;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L916
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L941
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L966
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L916
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L941
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L966
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L916
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L941
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L966
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1014
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1050
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1085
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1025
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1061
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1096
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1014
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1050
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1085
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1025
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1061
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1096
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1014
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1050
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1085
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1025
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1061
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1096
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1120
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1143
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L919
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L944
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L969
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L993
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1017
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1053
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1088
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1123
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1120
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1143
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L936
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L961
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L985
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1009
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1045
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1080
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1115
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1138
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1148
File: RootBridgeAgent.sol 1198: _settlementNonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1203: _settlementNonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1198: _settlementNonce = uint32(bytes4(data[PARAMS_START_SIGNED:25])); 1203: _settlementNonce = uint32(bytes4(data[PARAMS_START_SIGNED:25]));
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1198
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1203
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1198
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1203
File: RootBridgeAgentExecutor.sol 164: PARAMS_END_OFFSET + uint16(uint8(bytes1(_data[PARAMS_START]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 174: PARAMS_END_OFFSET + uint16(uint8(bytes1(_data[PARAMS_START]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 169: uint8 numOfAssets = uint8(bytes1(_data[PARAMS_START])); 174: > PARAMS_END_OFFSET + uint16(uint8(bytes1(_data[PARAMS_START]))) * PARAMS_TKN_SET_SIZE_MULTIPLE
File: RootBridgeAgentExecutor.sol 271: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 280: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 285: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 288: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 271: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 280: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 285: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 288: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE 288: + uint16(uint8(bytes1(_data[PARAMS_START_SIGNED]))) * PARAMS_TKN_SET_SIZE_MULTIPLE:
File: RootPort.sol 492: if (isGlobalAddress[_ecoTokenGlobalAddress]) revert AlreadyAddedEcosystemToken(); 498: isGlobalAddress[_ecoTokenGlobalAddress] = true;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L492
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootPort.sol#L498
File: UniswapV3Staker.sol 263: reward = rewards[msg.sender]; 278: reward = rewards[msg.sender]; 266: rewards[msg.sender] -= reward; 268: rewards[msg.sender] = 0; 279: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L263
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L278
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L266
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L268
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L279
File: UniswapV3Staker.sol 263: reward = rewards[msg.sender]; 278: reward = rewards[msg.sender]; 268: rewards[msg.sender] = 0; 279: rewards[msg.sender] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L263
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L278
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L268
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L279
File: UniswapV3Staker.sol 402: if (hermesGaugeBoost.isUserGauge(owner, address(gauge)) && _userAttachements[owner][key.pool] == tokenId) { 406: _userAttachements[owner][key.pool] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L402
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L406
File: UniswapV3Staker.sol 483: if (incentives[incentiveId].totalRewardUnclaimed == 0) revert NonExistentIncentiveError(); 491: address tokenOwner = deposits[tokenId].owner; 501: deposits[tokenId].stakedTimestamp = uint40(block.timestamp); 502: incentives[incentiveId].numberOfStakes++;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L483
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L491
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L501
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L502
File: UniswapV3Staker.sol 531: if (address(gauges[uniswapV3Pool]) != uniswapV3Gauge) { 534: gauges[uniswapV3Pool] = UniswapV3Gauge(uniswapV3Gauge);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L531
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L534
File: UniswapV3Staker.sol 545: if (newDepot != bribeDepots[uniswapV3Pool]) { 546: bribeDepots[uniswapV3Pool] = newDepot;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L545-L546
File: UniswapV3Staker.sol 555: if (minimumWidth != poolsMinimumWidth[uniswapV3Pool]) { 556: poolsMinimumWidth[uniswapV3Pool] = minimumWidth;
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/UniswapV3Staker.sol#L555-L556
</details>Contracts most called functions could simply save gas by function ordering via Method ID. Calling a function at runtime will be cheaper if the function is positioned earlier in the order (has a relatively lower Method ID) because 22 gas are added to the cost of a function for every position that came before it. The caller can save on gas if you prioritize most called functions.
See more <a href="https://medium.com/joyso/solidity-how-does-function-name-affect-gas-consumption-in-smart-contract-47d270d8ac92">here</a>
All in-scope contracts
Find a lower method ID name for the most called functions for example Call() vs. Call1() is cheaper by 22 gas For example, the function IDs in the Gauge.sol contract will be the most used; A lower method ID may be given.
private rather than public for constants, saves gasIf needed, the values can be read from the verified contract source code, or if there are multiple values there can be a single getter function that returns a tuple of the values of all currently-public constants. Saves 3406-3606 gas in deployment gas due to the compiler not having to create non-payable getter functions for deployment calldata, not having to store the bytes of the value outside of where it's used, and not adding another entry to the method ID table
File: ERC20MultiVotes.sol 360: bytes32 public constant DELEGATION_TYPEHASH =
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L360
File: GovernorBravoDelegateMaia.sol 9: string public constant name = "vMaia Governor Bravo"; 12: uint256 public constant MIN_PROPOSAL_THRESHOLD = 0.005 ether; // 0.5% of GovToken 15: uint256 public constant MAX_PROPOSAL_THRESHOLD = 0.05 ether; // 5% of GovToken 18: uint256 public constant MIN_VOTING_PERIOD = 80640; // About 2 weeks 21: uint256 public constant MAX_VOTING_PERIOD = 161280; // About 4 weeks 24: uint256 public constant MIN_VOTING_DELAY = 40320; // About 1 weeks 27: uint256 public constant MAX_VOTING_DELAY = 80640; // About 2 weeks 30: uint256 public constant quorumVotes = 0.35 ether; // 35% of GovToken 33: uint256 public constant proposalMaxOperations = 10; // 10 actions 36: uint256 public constant DIVISIONER = 1 ether; 42: bytes32 public constant DOMAIN_TYPEHASH = 46: bytes32 public constant BALLOT_TYPEHASH = keccak256("Ballot(uint256 proposalId,uint8 support)");
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegateMaia.sol#L9
File: AnycallFlags.sol 8: uint256 public constant FLAG_NONE = 0x0; 9: uint256 public constant FLAG_MERGE_CONFIG_FLAGS = 0x1; 10: uint256 public constant FLAG_PAY_FEE_ON_DEST = 0x1 << 1; 11: uint256 public constant FLAG_ALLOW_FALLBACK = 0x1 << 2; 12: uint256 public constant FLAG_ALLOW_FALLBACK_DST = 6; 15: uint256 public constant FLAG_EXEC_START_VALUE = 0x1 << 16; 16: uint256 public constant FLAG_EXEC_FALLBACK = 0x1 << 16;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L8
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L9
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L10
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L11
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L12
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L15
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/lib/AnycallFlags.sol#L16
Set variable to private.
require() Should Be Used Instead Of assert()File: FlywheelGaugeRewards.sol 183: assert(queuedRewards.storedCycle == 0 || queuedRewards.storedCycle >= lastCycle);
File: FlywheelGaugeRewards.sol 215: assert(queuedRewards.storedCycle >= cycle);
File: RewardMath.sol 65: assert(currentTime >= startTime);
https://github.com/code-423n4/2023-05-maia/tree/main/src/uni-v3-staker/libraries/RewardMath.sol#L65
External calls are expensive. Results of external function calls should be cached rather than call them multiple times. Consider caching the following:
File: ERC20MultiVotes.sol 251: ckpts[pos - 1].votes = newWeight.toUint224(); 253: ckpts.push(Checkpoint({fromBlock: block.number.toUint32(), votes: newWeight.toUint224()}));
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L251
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L253
File: ERC4626.sol 103: function totalAssets() public view virtual returns (uint256); 109: return supply == 0 ? assets : assets.mulDiv(supply, totalAssets());
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L103
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626.sol#L109
File: ERC4626DepositOnly.sol 65: function totalAssets() public view virtual returns (uint256); 71: return supply == 0 ? assets : assets.mulDiv(supply, totalAssets());
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L65
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626DepositOnly.sol#L71
File: BaseV2GaugeFactory.sol 73: function newEpoch() external { 78: if (activeGauges[_gauges[i]]) _gauges[i].newEpoch(); 94: if (activeGauges[_gauges[i]]) _gauges[i].newEpoch();
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeFactory.sol#L73
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeFactory.sol#L78
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeFactory.sol#L94
File: BaseV2GaugeManager.sol 60: function newEpoch() external { 65: if (activeGaugeFactories[_gaugeFactories[i]]) _gaugeFactories[i].newEpoch(); 81: if (activeGaugeFactories[_gaugeFactories[i]]) _gaugeFactories[i].newEpoch();
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeManager.sol#L60
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeManager.sol#L65
https://github.com/code-423n4/2023-05-maia/tree/main/src/gauges/factories/BaseV2GaugeManager.sol#L81
File: GovernorBravoDelegateMaia.sol 238: (govToken.getPriorVotes(proposal.proposer, sub256(block.number, 1)) < getProposalThresholdAmount()) 244: (govToken.getPriorVotes(proposal.proposer, sub256(block.number, 1)) < getProposalThresholdAmount()) 244: (govToken.getPriorVotes(proposal.proposer, sub256(block.number, 1)) < getProposalThresholdAmount()),
File: GovernorBravoDelegator.sol 62: if eq(success, 0) { revert(add(returnData, 0x20), returndatasize()) } 77: returndatacopy(free_mem_ptr, 0, returndatasize()) 80: case 0 { revert(free_mem_ptr, returndatasize()) } 81: default { return(free_mem_ptr, returndatasize()) }
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L62
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L77
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L80
https://github.com/code-423n4/2023-05-maia/tree/main/src/governance/GovernorBravoDelegator.sol#L81
File: GovernorBravoDelegator.sol 61: if eq(success, 0) { revert(add(returnData, 0x20), returndatasize()) } 76: returndatacopy(free_mem_ptr, 0, returndatasize()) 79: case 0 { revert(free_mem_ptr, returndatasize()) } 80: default { return(free_mem_ptr, returndatasize()) }
File: UlyssesPool.sol 192: oldBandwidth.mulDivUp(oldTotalWeights, newTotalWeights).toUint248(); 258: oldBandwidth.mulDivUp(oldTotalWeights, newTotalWeights).toUint248(); 273: oldBandwidth.mulDivUp(oldTotalWeights, newTotalWeights).toUint248(); 269: poolState.bandwidth += leftOverBandwidth.toUint248(); 273: poolState.bandwidth = oldBandwidth.mulDivUp(oldTotalWeights, newTotalWeights).toUint248(); 281: bandwidthStateList[i].bandwidth += leftOverBandwidth.toUint248(); 284: leftOverBandwidth.mulDiv(bandwidthStateList[i].weight, weightsWithoutPool).toUint248();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L192
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L258
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L269
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L273
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L281
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L284
File: UlyssesRouter.sol 74: address(getUlyssesLP(routes[0].from).asset()).safeTransferFrom(msg.sender, address(this), amount); 92: address(getUlyssesLP(routes[length].to).asset()).safeTransfer(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L74
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L92
File: BranchBridgeAgent.sol 227: bytes1(0x04), msg.sender, depositNonce, _params, msg.value.toUint128(), _remoteExecutionGas 234: _noDepositCall(msg.sender, packedData, msg.value.toUint128());
File: BranchBridgeAgent.sol 188: msg.value.toUint128(), 202: msg.value.toUint128(), 215: msg.value.toUint128(), 227: msg.value.toUint128(), 255: msg.value.toUint128(), 299: msg.value.toUint128(), 346: msg.value.toUint128(), 361: msg.value.toUint128(), 381: msg.value.toUint128(), 395: msg.value.toUint128(), 426: msg.value.toUint128(), 435: msg.value.toUint128(), 471: msg.value.toUint128(), 496: msg.value.toUint128(), 518: msg.value.toUint128(), 540: msg.value.toUint128(), 188: msg.value.toUint128() 202: msg.value.toUint128() 215: msg.value.toUint128() 227: msg.value.toUint128() 234: msg.value.toUint128() 255: msg.value.toUint128() 270: msg.value.toUint128() 299: msg.value.toUint128() 314: msg.value.toUint128() 346: msg.value.toUint128() 361: msg.value.toUint128() 381: msg.value.toUint128() 395: msg.value.toUint128() 405: msg.value.toUint128() 411: msg.value.toUint128() 426: msg.value.toUint128() 435: msg.value.toUint128() 443: msg.value.toUint128() 471: msg.value.toUint128() 496: msg.value.toUint128() 518: msg.value.toUint128() 540: msg.value.toUint128()
File: BranchBridgeAgent.sol 342: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 357: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 188: msg.value.toUint128(), 202: msg.value.toUint128(), 215: msg.value.toUint128(), 227: msg.value.toUint128(), 255: msg.value.toUint128(), 299: msg.value.toUint128(), 346: msg.value.toUint128(), 361: msg.value.toUint128(), 381: msg.value.toUint128(), 395: msg.value.toUint128(), 426: msg.value.toUint128(), 435: msg.value.toUint128(), 471: msg.value.toUint128(), 496: msg.value.toUint128(), 518: msg.value.toUint128(), 540: msg.value.toUint128(), 342: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 357: getDeposit[_depositNonce].deposits[0], ERC20(getDeposit[_depositNonce].tokens[0]).decimals() 188: msg.value.toUint128(), 202: msg.value.toUint128(), 215: msg.value.toUint128(), 227: msg.value.toUint128(), 255: msg.value.toUint128(), 299: msg.value.toUint128(), 346: msg.value.toUint128(), 361: msg.value.toUint128(), 381: msg.value.toUint128(), 395: msg.value.toUint128(), 426: msg.value.toUint128(), 435: msg.value.toUint128(), 471: msg.value.toUint128(), 496: msg.value.toUint128(), 518: msg.value.toUint128(), 540: msg.value.toUint128(), 188: msg.value.toUint128(), 202: msg.value.toUint128(), 215: msg.value.toUint128(), 227: msg.value.toUint128(), 255: msg.value.toUint128(), 299: msg.value.toUint128(), 346: msg.value.toUint128(), 361: msg.value.toUint128(), 381: msg.value.toUint128(), 395: msg.value.toUint128(), 426: msg.value.toUint128(), 435: msg.value.toUint128(), 471: msg.value.toUint128(), 496: msg.value.toUint128(), 518: msg.value.toUint128(), 540: msg.value.toUint128(), 188: msg.value.toUint128(), 202: msg.value.toUint128(), 215: msg.value.toUint128(), 227: msg.value.toUint128(), 255: msg.value.toUint128(), 299: msg.value.toUint128(), 346: msg.value.toUint128(), 361: msg.value.toUint128(), 381: msg.value.toUint128(), 395: msg.value.toUint128(), 426: msg.value.toUint128(), 435: msg.value.toUint128(), 471: msg.value.toUint128(), 496: msg.value.toUint128(), 518: msg.value.toUint128(), 540: msg.value.toUint128(), 405: _depositGas(msg.value.toUint128()); 411: getDeposit[_depositNonce].depositedGas = msg.value.toUint128();
File: BranchBridgeAgent.sol 1029: uint256 gasLeft = gasleft(); 1063: uint256 gasLeft = gasleft(); 1036: _forceRevert(); 1051: _forceRevert(); 1070: _forceRevert(); 1149: _forceRevert(); 1171: _forceRevert(); 1195: _forceRevert(); 1316: _forceRevert(); 1047: uint256 gasAfterTransfer = gasleft(); 1036: _forceRevert(); 1051: _forceRevert(); 1070: _forceRevert(); 1149: _forceRevert(); 1171: _forceRevert(); 1195: _forceRevert(); 1316: _forceRevert();
File: BranchBridgeAgent.sol 1036: _forceRevert(); 1051: _forceRevert(); 1070: _forceRevert(); 1149: _forceRevert(); 1171: _forceRevert(); 1195: _forceRevert(); 1316: _forceRevert(); 1036: _forceRevert(); 1051: _forceRevert(); 1070: _forceRevert(); 1149: _forceRevert(); 1171: _forceRevert(); 1195: _forceRevert(); 1316: _forceRevert(); 1036: _forceRevert(); 1051: _forceRevert(); 1070: _forceRevert(); 1149: _forceRevert(); 1171: _forceRevert(); 1195: _forceRevert(); 1316: _forceRevert();
File: MulticallRootRouter.sol 295: IVirtualAccount(userAccount).userAddress(), 320: IVirtualAccount(userAccount).userAddress(), 371: IVirtualAccount(userAccount).userAddress(), 396: IVirtualAccount(userAccount).userAddress(), 447: IVirtualAccount(userAccount).userAddress(), 472: IVirtualAccount(userAccount).userAddress(), 295: IVirtualAccount(userAccount).userAddress(), 320: IVirtualAccount(userAccount).userAddress(), 371: IVirtualAccount(userAccount).userAddress(), 396: IVirtualAccount(userAccount).userAddress(), 447: IVirtualAccount(userAccount).userAddress(), 472: IVirtualAccount(userAccount).userAddress(),
File: RootBridgeAgent.sol 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert(); 693: _forceRevert(); 815: _forceRevert(); 840: _forceRevert(); 902: _forceRevert(); 920: _forceRevert(); 945: _forceRevert(); 970: _forceRevert(); 994: _forceRevert(); 1018: _forceRevert(); 1054: _forceRevert(); 1089: _forceRevert(); 1124: _forceRevert(); 1153: _forceRevert(); 1226: _forceRevert();
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L693
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L815
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L840
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L902
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L920
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L945
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L970
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L994
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1018
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1054
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1089
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1124
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1153
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L1226
</details>Inline-assembly can be used to shorten the array by changing the length slot, so that the entries don't have to be copied to a new, shorter array
File: PoolVariables.sol 209: uint32[] memory secondsAgo = new uint32[](2);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/libraries/PoolVariables.sol#L209
File: UlyssesPool.sol 377: uint256[] memory diffs = new uint256[](length);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L377
File: UlyssesFactory.sol 144: address[] memory destinations = new address[](length);
File: BranchBridgeAgent.sol 281: uint256[] memory _deposits = new uint256[](_dParams.hTokens.length);
File: BranchBridgeAgent.sol 574: address[] memory _hTokens = new address[](numOfAssets); 575: address[] memory _tokens = new address[](numOfAssets); 576: uint256[] memory _amounts = new uint256[](numOfAssets); 577: uint256[] memory _deposits = new uint256[](numOfAssets);
File: BranchBridgeAgent.sol 717: uint256[] memory deposits = new uint256[](_dParams.hTokens.length);
File: BranchBridgeAgent.sol 872: address[] memory hTokens = new address[](1); 874: address[] memory tokens = new address[](1); 876: uint256[] memory amounts = new uint256[](1); 878: uint256[] memory deposits = new uint256[](1);
File: RootBridgeAgent.sol 340: address[] memory hTokens = new address[](_globalAddresses.length); 341: address[] memory tokens = new address[](_globalAddresses.length);
File: RootBridgeAgent.sol 494: address[] memory hTokens = new address[](1); 496: address[] memory tokens = new address[](1); 498: uint256[] memory amounts = new uint256[](1); 500: uint256[] memory deposits = new uint256[](1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L494
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L496
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L498
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-omnichain/RootBridgeAgent.sol#L500
</details>File: RootBridgeAgentExecutor.sol 359: address[] memory hTokens = new address[](numOfAssets); 360: address[] memory tokens = new address[](numOfAssets); 361: uint256[] memory amounts = new uint256[](numOfAssets); 362: uint256[] memory deposits = new uint256[](numOfAssets);
require() statements that use && saves gasInstead of using operator && on a single require. Using a two require can save more gas.
i.e.
for require(version == 1 && _bytecodeHash[1] == bytes1(0), "zf"); use:
require(version == 1); require(_bytecodeHash[1] == bytes1(0));
File: TalosBaseStrategy.sol 408: require(balance0 >= amount0 && balance1 >= amount1);
https://github.com/code-423n4/2023-05-maia/tree/main/src/talos/base/TalosBaseStrategy.sol#L408
If variables occupying the same slot are both written the same function or by the constructor, avoids a separate Gsset (20000 gas). Reads of the variables can also be cheaper
File: BaseV2Minter.sol 16: contract BaseV2Minter is Ownable, IBaseV2Minter { ... /// @inheritdoc IBaseV2Minter uint256 public override weekly; /// @inheritdoc IBaseV2Minter uint256 public override activePeriod;
Can save one storage slot by changing from uint256 to uint128
https://github.com/code-423n4/2023-05-maia/blob/main/src/hermes/minters/BaseV2Minter.sol#L47-L49
</details>To help the optimizer, declare a storage type variable and use it instead of repeatedly fetching the reference in a map or an array. The effect can be quite significant. As an example, instead of repeatedly calling someMap[someIndex], save its reference like this: SomeStruct storage someStruct = someMap[someIndex] and use it.
File: ERC20Boost.sol 100: values[i] = _userGauges[user].at(offset + i);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L100
File: ERC20Boost.sol 153: address[] memory gaugeList = _userGauges[user].values();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L153
File: ERC20Boost.sol 160: uint256 gaugeBoost = getUserGaugeBoost[user][gauge].userGaugeBoost;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Boost.sol#L160
File: ERC20Gauges.sol 157: values[i] = _userGauges[user].at(offset + i);
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L157
File: ERC20Gauges.sol 532: address[] memory gaugeList = _userGauges[user].values();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L532
File: ERC20Gauges.sol 538: uint112 userGaugeWeight = getUserGaugeWeight[user][gauge];
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L538
File: ERC20Gauges.sol 553: getUserWeight[user] -= userFreed;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20Gauges.sol#L553
File: ERC20MultiVotes.sol 324: address[] memory delegateList = _delegates[user].values();
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L324
File: ERC20MultiVotes.sol 330: uint256 delegateVotes = _delegatesVotesCount[user][delegatee];
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L330
File: ERC20MultiVotes.sol 339: require(_delegates[user].remove(delegatee));
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L339
File: ERC20MultiVotes.sol 340: _delegatesVotesCount[user][delegatee] = 0;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L340
File: ERC20MultiVotes.sol 343: _delegatesVotesCount[user][delegatee] -= votesToFree;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L343
File: ERC20MultiVotes.sol 353: userDelegatedVotes[user] -= totalFreed;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-20/ERC20MultiVotes.sol#L353
File: ERC4626MultiToken.sol 163: uint256 allowed = allowance[owner][msg.sender];
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L163
File: ERC4626MultiToken.sol 165: if (allowed != type(uint256).max) allowance[owner][msg.sender] = allowed - shares;
https://github.com/code-423n4/2023-05-maia/tree/main/src/erc-4626/ERC4626MultiToken.sol#L165
File: GovernorBravoDelegateMaia.sol 179: Proposal storage proposal = proposals[proposalId];
File: GovernorBravoDelegateMaia.sol 213: Proposal storage proposal = proposals[proposalId];
File: GovernorBravoDelegateMaia.sol 230: Proposal storage proposal = proposals[proposalId];
File: FlywheelGaugeRewards.sol 179: QueuedRewards memory queuedRewards = gaugeQueuedRewards[gauge];
File: UlyssesPool.sol 226: uint256 poolIndex = destinations[poolId];
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L226
File: UlyssesPool.sol 239: uint256 weightsWithoutPool = oldTotalWeights - bandwidthStateList[poolIndex].weight;
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L239
File: UlyssesPool.sol 249: BandwidthState storage poolState = bandwidthStateList[poolIndex];
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesPool.sol#L249
File: UlyssesRouter.sol 92: address(getUlyssesLP(routes[length].to).asset()).safeTransfer(msg.sender, amount);
https://github.com/code-423n4/2023-05-maia/tree/main/src/ulysses-amm/UlyssesRouter.sol#L92
</details>The upcoming v4.9.0 version of OpenZeppelin provides many small gas optimizations. https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.0
File: package.json "@openzeppelin/contracts": "4.6.0"
https://github.com/code-423n4/2023-05-maia/tree/main/src/../lib/v3-periphery/package.json#L32
Update OpenZeppelin Contracts Usage in package.json and require at least version of 4.9.0
The operators || and && apply the common short-circuiting rules. This means that in the expression f(x) || g(y), if f(x) evaluates to true, g(y) will not be evaluated even if it may have side-effects.
So setting less costly function to f(x) and setting costly function to g(x) is efficient.
i.e.
if (!varA && msg.sender != varB);
Can be changed to:
if (msg.sender != varB && !varA);
File: GovernorBravoDelegateMaia.sol 234: (msg.sender != proposal.proposer && msg.sender != admin)
#0 - c4-judge
2023-07-11T08:02:46Z
trust1995 marked the issue as grade-a
#1 - c4-sponsor
2023-07-12T19:22:02Z
0xBugsy marked the issue as sponsor confirmed
#2 - 0xBugsy
2023-07-12T20:23:34Z
Very well illustrated submission
#3 - 0xLightt
2023-09-07T11:28:11Z