Back to ajtra's contests

Yieldy contest - ajtra's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 73/99

Findings: 1

Award: $59.96

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryYieldy

Findings Information

🌟 Selected for report: BowTiedWardens

Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters

Awards

59.9591 USDC - $59.96

Labels

bug
G (Gas Optimization)

External Links

Link to GitHub issue
  1. ++var cost less gas than var++. post-increment/decrement cost more gas then pre-increment/decrement

Staking.sol line 708 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L708) epoch.number++;

  1. Require strings longer than 32 bytes cost extra gas. Consider to shorthen them.

ERC20Upgradeable.sol line 191 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L191 require( currentAllowance >= amount, "ERC20: transfer amount exceeds allowance" );

ERC20Upgradeable.sol line 247 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L247
require( currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero" ); ERC20Upgradeable.sol line 275 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L275
require(sender != address(0), "ERC20: transfer from the zero address");

ERC20Upgradeable.sol line 276 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L276
require(recipient != address(0), "ERC20: transfer to the zero address");

ERC20Upgradeable.sol line 283 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L283 require( senderBalance >= amount, "ERC20: transfer amount exceeds balance" );

ERC20Upgradeable.sol line 328 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L328
require(account != address(0), "ERC20: burn from the zero address");

ERC20Upgradeable.sol line 333 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L333
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");

ERC20Upgradeable.sol line 362 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L362
require(owner != address(0), "ERC20: approve from the zero address");

ERC20Upgradeable.sol line 363 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L363
require(spender != address(0), "ERC20: approve to the zero address");

  1. Operatos <= or >= cost more gas than operators < or >. Change all <= / >= operators for < / > and remember to increse / decrese in consecuence to maintain the logic (example, a <= b for a < b + 1)

LiquidityReserve.sol line 69 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L69) stakingTokenBalance >= MINIMUM_LIQUIDITY

LiquidityReserve.sol line 94 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L94) _fee <= BASIS_POINTS

LiquidityReserve.sol line 163 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L163) _amount <= balanceOf(msg.sender)

LiquidityReserve.sol line 171 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L171) IERC20Upgradeable(stakingToken).balanceOf(address(this)) >= amountToWithdraw

Staking.sol line 265 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L265) epoch.number >= info.expiry

Staking.sol line 285 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L285) epoch.number >= info.expiry

Staking.sol line 288 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L288) requestedWithdrawals.minCycle <= currentCycleIndex

Staking.sol line 289 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L289) requestedWithdrawals.amount + withdrawalAmount >= info.amount

Staking.sol line 290 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L290) withdrawalAmount >= info.amount

Staking.sol line 306 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L306) requestedWithdrawals.minCycle <= currentCycleIndex

Staking.sol line 361 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L361) block.timestamp + timeLeftToRequestWithdrawal >= nextCycleStart

Staking.sol line 528 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L528) _amount <= walletBalance + warmUpBalance

Staking.sol line 535 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L535) _amount >= warmUpBalance

Staking.sol line 586 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L586) reserveBalance >= _amount

Staking.sol line 703 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L703) epoch.endTime <= block.timestamp

Staking.sol line 713 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L713) balance <= staked

Yieldy.sol line 190 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L190) creditAmount <= creditBalances[msg.sender]

Yieldy.sol line 210 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L210)
_allowances[_from][msg.sender] >= _value

Yieldy.sol line 286 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L286) currentCredits >= creditAmount

ERC20PermitUpgradeable.sol line 74 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20PermitUpgradeable.sol#L74 block.timestamp <= deadline

ERC20Upgradeable.sol line 190 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L190
currentAllowance >= amount

ERC20Upgradeable.sol line 246 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L246
currentAllowance >= subtractedValue

ERC20Upgradeable.sol line 282 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L282
senderBalance >= amount

ERC20Upgradeable.sol line 333 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L333
accountBalance >= amount

  1. != 0 is cheaper than >. Replace all > 0 for != 0 LiquidityReserve.sol line 223 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L223)
    if (amount > 0) IStaking(stakingContract).unstake(amount, false);

Staking.sol line 118 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L118)
require(_recipient.amount > 0, "Must enter valid amount");

Staking.sol line 305 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L305)
requestedWithdrawals.amount > 0

Staking.sol line 326 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L326)
if (amountToRequest > 0) tokePoolContract.requestWithdrawal(_amount);

Staking.sol line 363 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L363)
requestWithdrawalAmount > 0;

Staking.sol line 392 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L392)
if (requestWithdrawalAmount > 0)

Staking.sol line 410 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L410)
require(_amount > 0, "Must have valid amount");

Staking.sol line 415 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L415)
if (yieldyTotalSupply > 0)

Staking.sol line 470 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L470)
if (info.credits > 0)

Staking.sol line 533 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L533)
if (warmUpBalance > 0)

Staking.sol line 572 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L572)
require(_amount > 0, "Invalid amount");

Staking.sol line 604 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L604)
require(_amount > 0, "Invalid amount");

Yieldy.sol line 83 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L83)
require(_totalSupply > 0, "Can't rebase if not circulating");

Yieldy.sol line 96 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L96)
require(rebasingCreditsPerToken > 0, "Invalid change in supply");

  1. Variable1 = Variable1 + Variable2 is cheaper than variable1 += variable2

Staking.sol line 309 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L309)
requestWithdrawalAmount -= requestedWithdrawals.amount;

Staking.sol line 310 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L310)
withdrawalAmount += requestedWithdrawals.amount;

Staking.sol line 494 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L494) withdrawalAmount -= info.amount;

Staking.sol line 538 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L538) amountLeft -= warmUpBalance;

Staking.sol line 694 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L694)
requestWithdrawalAmount += _amount;

ERC20Upgradeable.sol line 288 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L288 _balances[recipient] += amount;

ERC20Upgradeable.sol line 309 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L309 _totalSupply += amount;

ERC20Upgradeable.sol line 310 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L310
_balances[account] += amount;

ERC20Upgradeable.sol line 337 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20Upgradeable.sol#L337
_totalSupply -= amount;

  1. Require instead of &&. Split of conditions of an require sentence in different requires sentences can save gas

Staking.sol line from 54 to 63 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L54)
require( _stakingToken != address(0) && _yieldyToken != address(0) && _tokeToken != address(0) && _tokePool != address(0) && _tokeManager != address(0) && _tokeReward != address(0) && _liquidityReserve != address(0), "Invalid address" );

Staking.sol line 575 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L575) require( !isUnstakingPaused && !isInstantUnstakingPaused, "Unstaking is paused" );

Staking.sol line 606 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L606) require( CURVE_POOL != address(0) && (curvePoolFrom == 1 || curvePoolTo == 1), "Invalid Curve Pool" );

Staking.sol line 612 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L612) require( !isUnstakingPaused && !isInstantUnstakingPaused, "Unstaking is paused" );

LiquidityReserve.sol line 45 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L45) require( _stakingToken != address(0) && _rewardToken != address(0), "Invalid address" );

Migration.sol line 21 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Migration.sol#L21) require( _oldContract != address(0) && _newContract != address(0), "Invalid address" );

  1. Consider to store the value of creditBalances[_address] in a local variable and use it instead of access several times to save gas.

Yieldy.sol line 285 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L285) uint256 currentCredits = creditBalances[_address];

Yieldy.sol line 288 (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L288) creditBalances[_address] = creditBalances[_address] - creditAmount;

  1. Consider not store the value of creditBalances[_address] in a local variable in line 285 of Yieldy.sol (function _burn) and use it in line 286

FROM (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L285) uint256 currentCredits = creditBalances[_address]; require(currentCredits >= creditAmount, "Not enough balance"); TO (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L286) require(creditBalances[_address] >= creditAmount, "Not enough balance");

  1. Consider to change the function canBatchTransactions in file Staking.sol to use tokeManager.getCurrentCycleIndex() in the return instead of store in a local variable. Remove the local variable currentCycleIndex (line 357) and modify line 362 replacing currentCycleIndex for tokeManager.getCurrentCycleIndex()

    https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L357 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L362

  2. Consider to change the function sendWithdrawalRequests in file Staking.sol as shown below. (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L384) On one hand you save the use of variable currentCycleIndex and other hand you are using twice the variable requestWithdrawalAmount due to is used several times is cheaper to store the variable and then use it.

    function sendWithdrawalRequests() public { // check to see if near the end of a TOKE cycle if (canBatchTransactions()) { // if has withdrawal amount to be claimed then claim _withdrawFromTokemak();

        // if more requestWithdrawalAmount exists after _withdrawFromTokemak then request the new amount
	uint256 _requestWithdrawalAmount = requestWithdrawalAmount;
    if (_requestWithdrawalAmount > 0) {
        _requestWithdrawalFromTokemak(_requestWithdrawalAmount);
    }

	ITokeManager tokeManager = ITokeManager(TOKE_MANAGER);
    lastTokeCycleIndex = tokeManager.getCurrentCycleIndex();
}

    }

  3. Consider store the variable LIQUIDITY_RESERVE in a local variable and then use it in function instantUnstakeReserve of Staking.sol (line 571) Function: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L571 Use of LIQUIDITY_RESERVE: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L583 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L588

  4. Consider store the variable YIELDY_TOKEN in a local variable and then use it in function rebase() of Staking.sol (line 701) Function: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L701 Use of YIELDY_TOKEN: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L704 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L711

  5. Consider use directly function _getTokemakBalance in the return in function contractBalance() in Staking.sol (line 727) to save the use of the local variable as: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Staking.sol#L727

    function contractBalance() internal view returns (uint256) { return IERC20Upgradeable(STAKING_TOKEN).balanceOf(address(this)) + _getTokemakBalance(); }

  6. Consider in function rebase at Yieldy.sol to use currentTotalSupply in line 83 instead of _totalSupply. https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L83

  7. Consider to use the local variable currentCredits (File Yieldy.sol) assigned at line 285 in line 288 instead of creditBalances[_address] https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L285 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L288

  8. Use unchecked in line 95 of Yieldy.sol (https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/Yieldy.sol#L95) rebasingCreditsPerToken = rebasingCredits / updatedTotalSupply;

  9. Consider to store in a local variable the value of MINIMUM_LIQUIDITY in the function enableLiquidityReserve (file LiquidityReserve.sol) and then use it instead of access always to MINIMUM_LIQUIDITY Function: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L57 Use of MINIMUM_LIQUIDITY: https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L69 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L78 https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/contracts/LiquidityReserve.sol#L80

  10. Consider to remove de local variable signer line 89 at ERC20PermitUpgradeable.sol and use directly ECDSAUpgradeable.recover(hash, v, r, s) in line 90. FROM https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20PermitUpgradeable.sol#L89 TO https://github.com/code-423n4/2022-06-yieldy/blob/524f3b83522125fb7d4677fa7a7e5ba5a2c0fe67/src/libraries/ERC20PermitUpgradeable.sol#L90

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter