Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 80/147
Findings: 2
Award: $86.90
Selected for report: 0
Solo Findings: 0
Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.3175 DAI - $54.32
#1 Missing natspec comment for activate
The function has a NatSpec comment explaining the purpose of the function and its parameters, but the NatSpec comment for activate_ is missing. So I suggest adding a NatSpec comment for the parameter activate_.
#2 Missing indexed field
Each event should use three indexed fields if there are three or more fields.
#3 File missing NatSpec
A function has a NatSpec comment to explain the purpose of the function or its parameters. So add NatSpec comments to increase readability.
#4 File missing NatSpec comment
A function has a NatSpec comment to explain the purpose of the function or its parameters. So add NatSpec comments to increase readability.
#5 Missing check address(0)
To avoid the zero address, we suggest adding a simple check on the withdraw address in the function.
#6 Address in constructor was missing check
The constructor has address params, so to avoid a vulnerability we suggest adding a simple address(0) check for the params.
#7 Mint missing check for address (0)
Add a requirement check for the address, because the address cannot be the zero address. It's better to add an emit to increase credibility.
#8 Burn missing check for amount and address
Add a requirement check for the address and the amount, because the address cannot be the zero address and the amount must be greater than zero. It's better to add an emit to increase credibility.
#9 Must be immutable
The state observationFrequency and movingAverageDuration can't be initialized by the constructor. The constructor parameters mention the state observationFrequency and movingAverageDuration to initialize. So I suggest adding immutable to observationFrequency and movingAverageDuration.
#10 Ohm must be immutable
The state ohm can't be initialized by the constructor. The constructor parameter mentions the state ohm to initialize. So I suggest adding immutable to ohm.
#11 safeApprove is deprecated
Deprecated (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/bfff03c0d2a59bcd8e2ead1da9aed9edf0080d05/contracts/token/ERC20/utils/SafeERC20.sol#L38-L45) in favor of safeIncreaseAllowance() and safeDecreaseAllowance().
#12 Reward and rewardToken must be immutable
The state reward and rewardToken can't be initialized by the constructor. The constructor parameters mention the state reward and rewardToken to initialize. So I suggest adding immutable to reward and rewardToken.
#13 Missing indexed field for voter
Each event should use indexed fields if it has any important params. Add indexed to voter.
Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5835 DAI - $32.58
#1 Use storage instead of memory
Use storage instead of memory to reduce the gas fee. I suggest changing this.
#2 Visibility
Changing the visibility of constant variables from public to internal or private, when possible, can save gas.
#3 Increment
Pre-increment (e.g. ++i) costs less gas than post-increment (e.g. i++). We suggest using pre-increment.
#4 Use calldata instead of memory
When the arguments of an external function are read-only and the function has an input parameter that uses memory, it's cheaper to use calldata than memory if the function doesn't change the parameter. So we suggest changing it.