Platform: Code4rena
Start Date: 15/06/2022
Pot Size: $30,000 USDC
Total HM: 5
Participants: 55
Period: 3 days
Judge: Jack the Pug
Id: 138
League: ETH
Rank: 33/55
Findings: 2
Award: $81.42
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xFar5eer, 0xNazgul, 0xNineDec, 242, Chom, Czar102, Funen, GimelSec, Meera, Picodes, Sm4rty, Tadashi, TerrierLover, Waze, _Adam, a12jmx, asutorufos, codexploder, cryptphi, defsec, gzeon, hyh, joestakey, minhquanym, oyc_109, reassor, robee, saian, sorrynotsorry, unforgiven, zzzitron
51.2645 USDC - $51.26
#1 Similar name
Impact: Similar variable names can confuse the system if it is running, and the system can fail to understand the usage of the variables, which will lead them to interchange values for these variables.
Proof of Concept: https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L322-L329
Line 322 and Line 329
Tools: Remix
Recommendation steps: Prevent variables from having similar names. I suggest changing the name of one variable.
30.1619 USDC - $30.16
#1 Change public to private
Changing from public to private can reduce the gas fee.
#2 Default value and increment
for(uint i = 0; i < length; i++){
The default uint value is 0, so removing the unnecessary explicit initialization can reduce gas. Pre-increment ++i is cheaper in gas than post-increment i++. I suggest using pre-increment.
#3 Use storage instead of memory
Use storage instead of memory for a cheaper gas fee. I suggest changing
IAuraLocker.EarnedData[] memory earnedData = LOCKER.claimableRewards(address(this));
to
IAuraLocker.EarnedData[] storage earnedData = LOCKER.claimableRewards(address(this));
Apply to others.
#4 Use calldata instead of memory
In external functions where the function argument is read-only, the function() has an inputted return that uses memory; if this function doesn't change the returned parameter, it's cheaper to use calldata than memory. So I suggest changing
function balanceOfRewards() external view override returns (TokenAmount[] memory rewards) {
to
function balanceOfRewards() external view override returns (TokenAmount[] storage rewards) {
Apply to others.
#5 Reduce the string
Reducing the size of string error messages can reduce the gas fee. Reduce it if possible.
#6 Cache claims.length because it is used multiple times
https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L317 Caching _claims.length in memory, because it is used multiple times, can reduce the gas.
uint256[] memory beforeBalance = new uint256[](_claims.length);
for (uint256 i = 0; i < _claims.length; i++) {
#7 Use !=0 instead of >0
For unsigned integers, >0 is less efficient than !=0, so use !=0 instead of >0. Apply to others.
#8 Use inequality >= rather than >
Non-strict inequalities are cheaper than strict ones. I suggest using >= or <= instead of > and < if possible.
#0 - GalloDaSballo
2022-06-19T01:29:44Z
https://github.com/code-423n4/2022-06-badger-findings/issues/1 Change public to private
Disagree, it changes the functionality of the contract
3+ 5 gas
In lack of POC I must disagree
Same, in lack of POC I must disagree, also how do you edit calldata?
Rest I ack