Back to UnusualTurtle's contests

Yieldy contest - UnusualTurtle's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 70/99

Findings: 2

Award: $79.71

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYieldy

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron

Awards

53.1414 USDC - $53.14

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

1. approve() is not called using IERC20Upgradeable

The approve() call is not called using IERC20Upgradeable which is using SafeERC20Upgradeable

Examples of this issue in the codebase:

  1. File: contracts\Staking.sol (Line 83)

2. risk of using approve

Be aware that this is susceptible to race-condition as said in the documentation

Example of this issue in the codebase:

  1. File: contracts\Staking.sol (Line 92)

#0 - toshiSat

2022-06-27T17:28:14Z

sponsor acknowledged

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters

Awards

26.5713 USDC - $26.57

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue

1. SPLITTING REQUIRE() STATEMENTS THAT USE && SAVES GAS

Examples of this issue in the codebase:

  1. File: contracts\LiquidityReserve.sol (Line 45)

  2. File: contracts\Staking.sol (Line 575)

2. USE CUSTOM ERRORS RATHER THAN REVERT()/REQUIRE() STRINGS TO SAVE DEPLOYMENT GAS

Examples of this issue in the codebase:

  1. File: contracts\LiquidityReserve.sol (Line 62)

  2. File: contracts\LiquidityReserve.sol (Line 192)

3. USING > 0 COSTS MORE GAS THAN != 0 WHEN USED ON A UINT IN A REQUIRE() STATEMENT

Examples of this issue in the codebase:

  1. File: contracts\Staking.sol (Line 410)

  2. File: contracts\Yieldy.sol (Line 83)

4. MINIMIZE THE NUMBER OF EXPENSIVE SLOAD CALL

Examples of this issue in the codebase:

  1. File: contracts\BatchRequests.sol contracts can be cached (Line 18)

  2. File: contracts\BatchRequests.sol contracts can be cached (Line 37)

#0 - toshiSat

2022-06-27T17:37:39Z

sponsor acknowledged + some duplicates

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter