Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 35/58
Findings: 2
Award: $171.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xNazgul, 0xf15ers, BowTiedWardens, Chom, Funen, Kaiziron, Kumpa, MiloTruck, Picodes, Ruhum, SecureZeroX, Sm4rty, SmartSek, StyxRave, WatchPug, Waze, asutorufos, bardamu, berndartmueller, c3phas, catchup, cccz, codexploder, cryptphi, defsec, delfin454000, dipp, fatherOfBlocks, gzeon, hake, hansfriese, hyh, masterchief, oyc_109, sach1r0, sashik_eth, shenwilly, simon135, unforgiven
113.8755 USDC - $113.88
L-1 Maybe should have address(0) checks to avoid having to redeploy contracts https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/BkdLocker.sol#:~:text=rewardToken%20%3D%20_rewardToken%3B
L-2 Missing checks for address when assigning values to address state variables https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/BkdLocker.sol#:~:text=rewardToken%20%3D%20newRewardToken%3B
N-1 Multiple addresss mapping can be combined into a single mapping of an address to a struct.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/BkdLocker.sol#:~:text=mapping(address,)%20public%20totalStashed%3B
N-2 Emit an event in setInflationRecipient()
The setInflationRecipient() function is operated only by the governerance and should emit an event when the inflationrecipient is set for the first time or changes.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/AmmConvexGauge.sol#:~:text=function%20setInflationRecipient(,%7D
#0 - GalloDaSballo
2022-06-20T15:33:18Z
I think the lack of validation findings have merit, however the Struct commend is not actionable
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135
57.93 USDC - $57.93
G-1 COMPARISONS WITH ZERO FOR UNSIGNED INTEGERS
>0 is less gas efficient than !0 only if you enable optimizer and you're in a require statement.
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/BkdLocker.sol#:~:text=require(amount%20%3E%200%2C%20Error.INVALID_AMOUNT)%3B
G-2 An length should be cached to save gas in for-loops Some of the for-loops in other contracts already have been doing this but the one below hasn't. https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/StakerVault.sol#:~:text=for%20(uint256%20i%3B%20i%20%3C%20actions.length%3B%20i%20%3D%20i.uncheckedInc())%20%7B
#0 - GalloDaSballo
2022-06-17T23:16:08Z
Saves 6 gas in total