Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 20/58
Findings: 2
Award: $399.88
Selected for report: 0
Solo Findings: 0
Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xNazgul, 0xf15ers, BowTiedWardens, Chom, Funen, Kaiziron, Kumpa, MiloTruck, Picodes, Ruhum, SecureZeroX, Sm4rty, SmartSek, StyxRave, WatchPug, Waze, asutorufos, bardamu, berndartmueller, c3phas, catchup, cccz, codexploder, cryptphi, defsec, delfin454000, dipp, fatherOfBlocks, gzeon, hake, hansfriese, hyh, masterchief, oyc_109, sach1r0, sashik_eth, shenwilly, simon135, unforgiven
337.1951 USDC - $337.20
`bool` return value to indicate success or failure.
But the following functions always return true or revert the transaction, so the return value is meaningless.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/KeeperGauge.sol#L57-L62
Recommendation: Return false for special conditions, or remove return value.
`reportFees()` function of KeeperGauge.sol needs to have zero amount check.
There is no zero amount check in `reportFees()` function, thus beneficiary's `firstEpochSet` and `nextEpochToClaim` will be initialized, and this leads to high gas cost in claim function.
Recommendation: Check zero amount to avoid updating data and wasting gas.
#0 - GalloDaSballo
2022-06-20T00:33:46Z
Agree, good find
I'm not sure about which gas savings the zero check will provide
#1 - GalloDaSballo
2022-06-20T00:34:04Z
Formatting could use titles
Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135
62.6774 USDC - $62.68
Recommendation: Remove unused libraries.
`InflationManager` calls `poolCheckPoint()`, then calls `kill()` function, but inside of `kill()` function, `poolCheckPoint()` will be executed again.
Recommendation: Remove `poolCheckPoint()` call before kill.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/access/RoleManager.sol#L82
Recommendation: Cache length of array and use it in loop.
`!=0` instead of `>0` for uint non zero check.
In most places, there is something like `a > 0` for non-zero check.
For uint variables, there is no negative value, so it's enough to change to `a != 0`.
Recommendation: Use non-equal operator instead of greater operator for non-zero check.
`lastEvent` in Minter.sol can be updated multiple times.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/Minter.sol#L222
`_mint` function updates `lastEvent` twice: first update in Line 222, and second update inside `executeInflationRateUpdate()`.
Recommendation: Optimize code to avoid multiple updates.
There is an `IBkdToken` interface, but now it is using `BkdToken` (implementation contract) for external calls.
This increases contract size.
Recommendation: Use interface for external calls.
#0 - GalloDaSballo
2022-06-17T22:40:32Z
Doesn't save gas
Finding is valid, but the warden didn't specify how much gas is saved, I'll give it 200 gas, although it probably would have saved more (next time do the math yourself)
Saves 3 gas per instance 6 gas
Only in require, with solidity < 0.8.13, with optimizer on 3 gas
Setting storage to same value costs 100 gas as per ArrowGlacier, this would save 100 gas
## Use interface contract for external calls.
I believe the optimizer removes all unused code reducing the excessive code by a lot
Total Gas Saved 309