Stader Labs - SAAJ's results

Decentralized ETH liquid staking protocol with 4 ETH bond for anyone to be a node operator.

General Information

Platform: Code4rena

Start Date: 02/06/2023

Pot Size: $100,000 USDC

Total HM: 15

Participants: 75

Period: 7 days

Judge: Picodes

Total Solo HM: 5

Id: 249

League: ETH

Researcher Performance

Rank: 39/75

Findings: 2

Award: $40.19

QA: grade-b
Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

18.5651 USDC - $18.57

Labels

bug
grade-b
QA (Quality Assurance)
Q-09

Low Risk and Non-Critical Issues

[L-01] Minting tokens to the zero address should be avoided (01 Instances)

An address(0) check is missing in the mint function; consider applying a check to ensure tokens aren’t minted to the zero address.

Link to the code: https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L48

[L-02] Missing event for important parameter change (08 Instances)

Important parameter or configuration changes should trigger an event to allow being tracked off-chain.

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L47
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L57
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L140
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L192
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L338
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L351
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L89
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L173

[L-03] Use a modifier for access control (08 Instances)

Consider using a modifier to implement access control instead of inlining the condition/requirement in the function’s body.

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L64
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L97
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L108
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L207
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L227
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L590
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L625
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L531

[L-04] Missing initializer modifier on constructor (05 Instances)

OpenZeppelin recommends that the initializer modifier be applied to constructors in order to avoid potential griefs, social engineering, or exploits. Ensure that the modifier is applied to the implementation contract. If the default constructor is currently being used, it should be changed to be an explicit one with the modifier applied.

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L25
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L25
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L23
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Penalty.sol#L27
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L62

[L-05] Add a timelock to critical functions (04 Instances)

It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate (less risk of a malicious owner making a sandwich attack on a user).

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L138
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L144
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L151
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Penalty.sol#L83

[L-06] Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from various type int/uint values (02 Instances)

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L322
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L274

[L-07] Missing checks for address(0x0) when assigning values to address state variables (12 Instances)

A zero-address check should be used to avoid the risk of setting a storage variable to address(0) at deployment time.

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L140
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L37
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L87
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L57
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L92
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#LL407C69-L407C79
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L47
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L250
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L298
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L252
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolSelector.sol#L149
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolUtils.sol#L63

[N-01] According to the syntax rules, use => mapping ( instead of => mapping( using spaces as keyword (12 Instances)

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L20
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L20
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Penalty.sol#L22
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Penalty.sol#L24
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L46
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L48
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L50
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L52
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L54
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L56
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L58
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L59

[N-02] Pragma Floating (01 Instances)

Locking pragma version ensures contracts are not being deployed on an outdated compiler version.

Link to the code: https://github.com/code-423n4/2023-06-stader/blob/main/contracts/VaultProxy.sol#L2

[N-03] Empty blocks should be removed (01 Instances)

Avoid using code blocks or use them for some process like emitting events.

Link to the code: https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L14

[N-04] Function writing that does not comply with the Solidity Style Guide

All contracts: the order of functions should help readers identify which functions they can call and find the constructor and fallback definitions more easily.

Functions should be grouped according to their visibility and ordered as mentioned in the article, i.e. constructor, external, public, internal, private; within a grouping, place the view and pure functions last.
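The checks that findings L-01, L-02, L-03, L-06 and L-07 ask for, shown together in one small contract. This is an added example, not code from the Stader repository or from the report; the contract, error, event and function names are hypothetical, and the checked cast is hand-written so the file compiles without dependencies (OpenZeppelin's SafeCast provides the same revert-on-overflow behaviour).

```solidity
// SPDX-License-Identifier: MIT
// Locked compiler version (see N-02); the version itself is chosen for illustration.
pragma solidity 0.8.16;

// Added illustration: all names below are hypothetical, not Stader code.
contract HardenedLedger {
    error ZeroAddress();
    error NotManager();
    error CastOverflow(uint256 value);

    event ManagerUpdated(address indexed previousManager, address indexed newManager);
    event Minted(address indexed to, uint128 amount);

    address public manager;
    mapping(address => uint128) public balanceOf;

    // L-03: access control lives in one reusable modifier instead of
    // being repeated inline in every restricted function body.
    modifier onlyManager() {
        if (msg.sender != manager) revert NotManager();
        _;
    }

    constructor(address initialManager) {
        // L-07: reject address(0) when assigning an address state variable.
        if (initialManager == address(0)) revert ZeroAddress();
        manager = initialManager;
        emit ManagerUpdated(address(0), initialManager);
    }

    function setManager(address newManager) external onlyManager {
        if (newManager == address(0)) revert ZeroAddress();
        // L-02: emit an event so the parameter change can be tracked off-chain.
        emit ManagerUpdated(manager, newManager);
        manager = newManager;
    }

    // L-06: Solidity 0.8 checked arithmetic does not cover explicit casts.
    // uint128(x) keeps only the low 128 bits and never reverts.
    function truncatingCast(uint256 x) public pure returns (uint128) {
        return uint128(x);
    }

    // Checked downcast: reverts instead of silently truncating.
    function checkedCast(uint256 x) public pure returns (uint128) {
        if (x > type(uint128).max) revert CastOverflow(x);
        return uint128(x);
    }

    function mint(address to, uint256 amount) external onlyManager {
        // L-01: never mint to the zero address.
        if (to == address(0)) revert ZeroAddress();
        uint128 checked = checkedCast(amount);
        balanceOf[to] += checked; // addition itself is overflow-checked in 0.8
        emit Minted(to, checked);
    }
}
```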

#0 - c4-judge

2023-06-14T06:09:16Z

Picodes marked the issue as grade-b

Awards

21.6219 USDC - $21.62

Labels

bug
G (Gas Optimization)
grade-b
G-21

Gas Optimizations Report

This report focuses on the Stader Protocol contest, in the context of various improvements that can be made in terms of gas cost.

The opportunities identified for improving gas efficiency throughout the codebase of the Stader protocol are categorised into 10 main areas, with multiple instances in each category.

[G-01] Immutable has more gas efficiency than constant (15 Instances)

Using immutable instead of constant saves more gas by avoiding storage access for state variables.

Variable values are set through the constructor when using immutable, which also eliminates the need to assign initial values to state variables, making them more efficient in terms of gas cost.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L22
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L31
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L33
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L30
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L42
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L43
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L23
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L31
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolSelector.sol#L21
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolUtils.sol#L13
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolUtils.sol#L14
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L26
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L27
  14. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L29
  15. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/library/UtilLib.sol#L18

[G-02] Use hardcoded address instead of address(this) (27 Instances)

Instead of using address(this), it is more gas-efficient to pre-calculate and use the hardcoded address.

Link to the code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L55
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L25
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L26
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L27
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L28
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L174
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L178
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SDCollateral.sol#L47
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L69
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L75
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderInsuranceFund.sol#L43
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderInsuranceFund.sol#L62
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L189
  14. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L221
  15. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/UserWithdrawalManager.sol#L104
  16. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/UserWithdrawalManager.sol#L155
  17. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/UserWithdrawalManager.sol#L224
  18. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L31
  19. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L32
  20. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L33
  21. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L34
  22. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L55
  23. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L56
  24. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L57
  25. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L94
  26. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L95
  27. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L99

[G-03] Use != 0 instead of > 0 for unsigned integer comparison (13 Instances)

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L109
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L204
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L299
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L209
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L305
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L119
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L127
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L121
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L274
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L328
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L403
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L330
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L115

[G-04] Use uint256(1)/uint256(2) instead for true and false boolean states (14 Instances)

Not using booleans for storage saves a Gwarmaccess (100 gas). In addition, changing a boolean state from true to false can cost up to ~20000 gas, whereas changing uint256(2) to uint256(1) would cost significantly less.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L86
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L101
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L94
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L80
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L155
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L87
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L100
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L191
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L499
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L504
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L628
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L668
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L75
  14. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/VaultProxy.sol#L31

[G-05] Setting the constructor to payable (11 Instances)

Saves ~13 gas per instance

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L25
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ETHx.sol#L25
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L14
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L23
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Penalty.sol#L27
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L62
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L36
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L62
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L34
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolSelector.sol#L26
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolUtils.sol#L21

[G-06] Public functions to external instead (12 Instances)

Functions with public visibility, if not called within the contract, need to be changed to external.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#LL440C14-L440C42
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderConfig.sol#L504
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderConfig.sol#L508
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L571
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L582
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L586
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L590
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderStakePoolsManager.sol#L164
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L34
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L48
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L62
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L71

[G-07] abi.encode() is less efficient than abi.encodePacked() (18 Instances)

Refer to this article.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L127
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L135
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L221
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L233
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L282
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L283
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L334
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L346
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L407
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L410
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L418
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L466
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L469
  14. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L470
  15. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L40
  16. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L54
  17. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L67
  18. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L77

[G-08] String literals passed to abi.encode()/abi.encodePacked() should not be split by commas (26 Instances)

String literals can be split into multiple parts and still be considered as a single string literal. EACH new comma costs 21 gas due to stack operations and separate MSTOREs.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L263
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L267
  3. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L273
  4. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedPool.sol#L274
  5. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L229
  6. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L235
  7. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessPool.sol#L236
  8. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L174
  9. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L127
  10. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L135
  11. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L221
  12. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L233
  13. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L282
  14. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L283
  15. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L334
  16. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L346
  17. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L410
  18. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L418
  19. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L469
  20. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L470
  21. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L40
  22. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L54
  23. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L67
  24. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L77
  25. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L82
  26. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/library/UtilLib.sol#L140

[G-09] Use assembly to check for address(0) (02 Instances)

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/UserWithdrawalManager.sol#L96
  2. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/library/UtilLib.sol#L22

[G-10] Use calldata instead of memory for function parameters (01 Instances)

Using calldata in an external function does not require the data to be stored, which reduces the processing time compared to memory. This in turn saves gas when reading the data.

Link to the Code:

  1. https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SDCollateral.sol#L124

#0 - c4-judge

2023-06-14T05:44:09Z

Picodes marked the issue as grade-b
