Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 47/96
Findings: 2
Award: $31.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robee
Also found by: 0x007, 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xSmartContract, 8olidity, Awesome, B2, Bnke0x0, Chom, Diana, Dravee, JTJabba, Jeiwan, Josiah, Lambda, Mathieu, Picodes, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Ruhum, Sm4rty, Tricko, Trust, Waze, __141345__, a12jmx, adriro, ajtra, brgltd, c3phas, carlitox477, cccz, ch0bu, chaduke, chrisdior4, corerouter, cryptonue, csanuragjain, ctf_sec, cylzxje, delfin454000, dic0de, djxploit, horsefacts, imare, jayphbee, jwood, ktg, ladboy233, leosathya, lukris02, minhtrng, neko_nyaa, oyc_109, pashov, peritoflores, rbserver, rvierdiiev, shark, tnevler, yixxas
19.6449 USDC - $19.64
WEEK constant using native unitsThe WEEK constant can be defined by using 7 days.
chestAddress in constructorValidate chestAddress != address(0) during contract initialization.
minTargetVotes in constructorValidate that minTargetVotes > 0 in the contract's constructor to match the semantics in the associated updateMinTargetVotes setter.
getAllPledgesThe pledges array will eventually grow in size as the contract is used and will keep all historic pledges. Consider adding a paginated (offset + length) version of this accessor.
endTimestamp in the _pledge functionValidate that the endTimestamp parameter is not in the past. This isn't a big issue since uint256 boostDuration = endTimestamp - block.timestamp; will underflow and revert, but consider adding a validation and returning a proper error.
#0 - c4-judge
2022-11-12T01:07:37Z
kirk-baird marked the issue as grade-b
🌟 Selected for report: c3phas
Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler
11.5153 USDC - $11.52
_pledge functionThe update in line 268 can be done using unchecked math since rewardAmount <= pledgeAvailableRewardAmounts[pledgeId] due to the check in line 267.
createPledge functionIn line 340 there's an unnecessary read from storage since pledgeAvailableRewardAmounts[vars.newPledgeID] should be 0 since we are creating a new pledge with a new unused id. Consider changing this line to be a simple assignment:
pledgeAvailableRewardAmounts[vars.newPledgeID] = vars.totalRewardAmount;
pledgeParams.endTimestamp is read twice in extendPledge and increasePledgeRewardPerVoteThis storage variable is readed twice in lines 380 and 382 in the extendPledge function and similarly in lines 426 and 430 in the increasePledgeRewardPerVote function. Consider storing the first read from storage locally to prevent a re-read.
pledgeParams.rewardToken is read twice in extendPledge and increasePledgeRewardPerVoteThis storage variable is readed twice in lines 394 and 396 in the extendPledge function and similarly in lines 438 and 440 in the increasePledgeRewardPerVote function. Consider storing the first read from storage locally to prevent a re-read.
#0 - c4-judge
2022-11-12T01:07:52Z
kirk-baird marked the issue as grade-b