Back to SooYa's contests

Paladin - Warden Pledges contest - SooYa's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 27/10/2022

Pot Size: $33,500 USDC

Total HM: 8

Participants: 96

Period: 3 days

Judge: kirk-baird

Total Solo HM: 1

Id: 176

League: ETH

Paladin

Findings Distribution

Researcher Performance

Rank: 75/96

Findings: 1

Award: $11.52

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPaladin

Findings Information

🌟 Selected for report: c3phas

Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler

Awards

11.5153 USDC - $11.52

Labels

bug
G (Gas Optimization)
grade-b
G-31

External Links

Link to GitHub issue

Add unchecked {} for subtractions where the operands cannot underflow because of a previous require() or if-statement

since checking for underflow is already done in previous require() or if-statement, unchecked the subtractions saves gas for the operation. require(a <= b); x = b - a => require(a <= b); unchecked { x = b - a } There are some instances for this issue: https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L319 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L385 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L431

<X> = <X> + <Y> is cheaper than <X> += <Y>

For operation like addition or subtraction in state variable, <X> = <X> + <Y> is more efficient than <X> += <Y>. There are some instances for this issue : https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L268 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L401 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L445

Duplicated check for user should be refactored to a modifier or function

By refactored the require()/revert() to a modifier or function saves deployment gas. There are 4 checks for creator in this contract :

https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L376 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L422 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L459 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L491

I suggest to refactored the code below to a modifier or function to saves deployment gas. if(msg.sender != creator) revert Errors.NotPledgeCreator();

Redundant revert() check in addMultipleRewardToken() function

In the addMultipleRewardToken() function, minRewardsPerSecond.length should not be zero. So if length is 0, the second revert() is enough, no need to check using first revert(), it saves gas. So its better to remove the first revert() : if (length == 0) revert error.EmptyArray(); https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L544-L545

#0 - c4-judge

2022-11-12T00:48:46Z

kirk-baird marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter