Badger Citadel contest - Tomio's results

Bringing BTC to DeFi

General Information

Platform: Code4rena

Start Date: 14/04/2022

Pot Size: $75,000 USDC

Total HM: 8

Participants: 72

Period: 7 days

Judge: Jack the Pug

Total Solo HM: 2

Id: 110

League: ETH

BadgerDAO

Findings Distribution

Researcher Performance

Rank: 63/72

Findings: 1

Award: $89.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. Using unchecked and prefix increment can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L152

Recommended Mitigation Steps: Change to a prefix increment inside an unchecked block.

========================================================================

  2. Using += to increase the value of a variable

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L279 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/KnightingRound.sol#L196-L199

Recommended Mitigation Steps: Change to:

_newTotalWeight += _weight;

========================================================================

  3. Using != instead of > is more gas efficient

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L343 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L170 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L452

Recommended Mitigation Steps: Change to:

require(length != 0, "CitadelMinter: no funding pools");

========================================================================

  4. Unnecessary value assignment: the default value of uint is zero.

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L152 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L180-L182 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/SupplySchedule.sol#L192

Recommended Mitigation Steps: Remove the explicit initialization to 0.

========================================================================

  5. Using the delete statement can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/CitadelMinter.sol#L366 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L416

Recommended Mitigation Steps: Change to:

delete fundingPoolWeights[_pool];

========================================================================

  6. Using unchecked can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L236 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/KnightingRound.sol#L250

Recommended Mitigation Steps:

unchecked { limitLeft_ = assetCap - assetCumulativeFunded; }

========================================================================

  7. Using > is cheaper than >=

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L270-L271 https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L361

Recommended Mitigation Steps: A 1-second difference can be ignored for validation. Change from >= or <= to > or <.

========================================================================

  8. Using calldata for struct parameters can save gas

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L244

Recommended Mitigation Steps: Change memory to calldata

========================================================================

  9. Gas improvement on returning governancePerformanceFee and strategistPerformanceFee

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L859

Recommended Mitigation Steps: Declaring governancePerformanceFee and strategistPerformanceFee as named return values and deleting #L874 can save gas:

function _calculatePerformanceFee(uint256 _amount)
    internal
    view
    returns (uint256 governancePerformanceFee, uint256 strategistPerformanceFee) // @audit-info return here
{
    // Assign to the named return values instead of redeclaring them as locals
    governancePerformanceFee = _calculateFee(_amount, performanceFeeGovernance);
    strategistPerformanceFee = _calculateFee(_amount, performanceFeeStrategist);
}

========================================================================

 10. Unnecessary MSTORE of citadelAmountWithoutDiscount

Proof of Concept: https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L207

Recommended Mitigation Steps: citadelAmountWithoutDiscount is only used once; compute citadelAmount_ directly at #L211:

if (funding.discount > 0) {
    citadelAmount_ = ((_assetAmountIn * citadelPriceInAsset) * MAX_BPS) / (MAX_BPS - funding.discount);
}

========================================================================
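The findings above are variants of a handful of Solidity gas patterns. As an added example that is not code from the Badger Citadel repository, the hypothetical contract below pairs an unoptimized function with its optimized form (prefix increment in an unchecked block, default-initialized counter, != 0, +=, calldata, delete, named returns, unchecked subtraction); contract, function and variable names are constructed for illustration, and each unchecked block is annotated with the bound that makes it safe.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract written for this page, not code from the
// Badger Citadel repository. Names are constructed for illustration.
contract WeightBookkeeping {
    uint256 public constant MAX_BPS = 10000;
    uint256 public assetCap;
    uint256 public assetCumulativeFunded;
    mapping(address => uint256) public poolWeights;

    constructor(uint256 _assetCap) { assetCap = _assetCap; }

    // Before: explicit zero initialization, overflow-checked postfix
    // increment on every iteration, "> 0" where "!= 0" suffices, memory array.
    function sumWeightsBefore(uint256[] memory _weights) external pure returns (uint256 total) {
        uint256 length = _weights.length;
        require(length > 0, "no weights");
        for (uint256 i = 0; i < length; i++) {
            total = total + _weights[i];
        }
    }

    // After: default-initialized counter, calldata array, "!= 0", "+=",
    // and a prefix increment in an unchecked block. The increment cannot
    // overflow because i < length always holds before it runs.
    function sumWeightsAfter(uint256[] calldata _weights) external pure returns (uint256 total) {
        uint256 length = _weights.length;
        require(length != 0, "no weights");
        for (uint256 i; i < length; ) {
            total += _weights[i]; // left checked: caller-supplied values can overflow
            unchecked { ++i; }
        }
    }

    // delete resets the slot and earns the refund, rather than storing 0.
    function removePool(address _pool) external {
        delete poolWeights[_pool];
    }

    // Remaining cap as a named return. The subtraction is placed in an
    // unchecked block only because the require directly above rules out underflow.
    function limitLeft() external view returns (uint256 limitLeft_) {
        require(assetCumulativeFunded <= assetCap, "cap exceeded");
        unchecked { limitLeft_ = assetCap - assetCumulativeFunded; }
    }
}
```

Each unchecked block should be justified by an invariant stated next to it, as the comments do here; moving arithmetic on caller-controlled values into unchecked removes the 0.8 overflow revert.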

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
