Platform: Code4rena
Start Date: 04/02/2022
Pot Size: $30,000 USDC
Total HM: 3
Participants: 37
Period: 3 days
Judge: leastwood
Id: 84
League: ETH
Rank: 24/37
Findings: 2
Award: $109.83
🌟 Selected for report: 0
🚀 Solo Findings: 0
67.0168 USDC - $67.02
Even after the sale has started the owner is still able to adjust the price of the token.
Just like the other config parameters, e.g. `saleStart`, it would be more transparent for the user if the price is either static or is bound to a predefined formula.
From the documentation, I don't see a reason for ever changing the price while the sale is live. So you might as well not allow it at all.
```solidity
function setTokenOutPrice(uint256 _tokenOutPrice) external onlyOwner {
    require(block.timestamp <= saleStart);
    require(_tokenOutPrice > 0, "TokenSale: the price must not be zero");

    tokenOutPrice = _tokenOutPrice;

    emit TokenOutPriceUpdated(_tokenOutPrice);
}
```
Even after the sale has started the owner is still able to adjust the number of tokens that can be sold. Pretty much the same thing as the above issue. Again I don't see a reason for increasing or decreasing the limit while the sale is live.
```solidity
function setTokenInLimit(uint256 _tokenInLimit) external onlyOwner {
    require(block.timestamp <= saleStart);
    require(!finalized, "TokenSale: already finalized");

    tokenInLimit = _tokenInLimit;

    emit TokenInLimitUpdated(_tokenInLimit);
}
```
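The two setter guards above can be factored into one modifier. The following is an added example, not code from the audited project or from the submission: the contract name `FrozenParamsSale`, the modifier `beforeSale` and the revert strings are hypothetical, and it assumes `saleStart` has no setter. It uses a strict `<` because `buy()` accepts `saleStart <= block.timestamp`, so the start timestamp itself already belongs to the live sale.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: sale parameters freeze as soon as buying can begin.
// Contract, modifier and revert strings are hypothetical; variable and
// event names follow the snippets in the finding.
contract FrozenParamsSale {
    address public immutable owner;
    uint64 public saleStart;
    uint256 public tokenOutPrice;
    uint256 public tokenInLimit;

    event TokenOutPriceUpdated(uint256 tokenOutPrice);
    event TokenInLimitUpdated(uint256 tokenInLimit);

    constructor(uint64 _saleStart, uint256 _tokenOutPrice, uint256 _tokenInLimit) {
        require(_saleStart > block.timestamp, "start must be in the future");
        require(_tokenOutPrice > 0, "the price must not be zero");
        owner = msg.sender;
        saleStart = _saleStart;
        tokenOutPrice = _tokenOutPrice;
        tokenInLimit = _tokenInLimit;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Strict '<': a buy is valid from block.timestamp == saleStart onwards,
    // so that timestamp must already be closed to parameter changes.
    modifier beforeSale() {
        require(block.timestamp < saleStart, "sale already started");
        _;
    }

    function setTokenOutPrice(uint256 _tokenOutPrice) external onlyOwner beforeSale {
        require(_tokenOutPrice > 0, "the price must not be zero");
        tokenOutPrice = _tokenOutPrice;
        emit TokenOutPriceUpdated(_tokenOutPrice);
    }

    function setTokenInLimit(uint256 _tokenInLimit) external onlyOwner beforeSale {
        tokenInLimit = _tokenInLimit;
        emit TokenInLimitUpdated(_tokenInLimit);
    }
}
```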
42.8113 USDC - $42.81
Improved caching of state variables for the `buy()` function to reduce the user's gas costs

The `saleStart` state variable is read twice. Caching it reduces gas costs by 185.

```solidity
function buy(
    uint256 _tokenInAmount,
    uint8 _daoId,
    bytes32[] calldata _proof
) external whenNotPaused returns (uint256 tokenOutAmount_) {
    uint _saleStart = saleStart;
    require(_saleStart <= block.timestamp, "TokenSale: not started");
    require(
        block.timestamp < _saleStart + saleDuration,
        "TokenSale: already ended"
    );
    // rest of the function
}
```
The `totalTokenIn + _tokenInAmount` operation is executed twice. Caching it will reduce gas costs by 294.

```solidity
function buy(
    uint256 _tokenInAmount,
    uint8 _daoId,
    bytes32[] calldata _proof
) external whenNotPaused returns (uint256 tokenOutAmount_) {
    // ...
    require(_tokenInAmount > 0, "_tokenInAmount should be > 0");
    uint newTotalTokenIn = totalTokenIn + _tokenInAmount;
    require(
        newTotalTokenIn <= tokenInLimit,
        "total amount exceeded"
    );
    // ...
    totalTokenIn = newTotalTokenIn;
    // ...
}
```
Caching `guestlist` will save 123 gas.

```solidity
function buy(
    uint256 _tokenInAmount,
    uint8 _daoId,
    bytes32[] calldata _proof
) external whenNotPaused returns (uint256 tokenOutAmount_) {
    // ...
    BadgerGuestListAPI _guestlist = guestlist;
    if (address(_guestlist) != address(0)) {
        require(_guestlist.authorized(msg.sender, _proof), "not authorized");
    }
    // ...
}
```
After compiling with the optimizer (200 runs) the gas savings are around 465 gas in total.