Platform: Code4rena
Start Date: 26/05/2022
Pot Size: $75,000 USDT
Total HM: 31
Participants: 71
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 18
Id: 126
League: ETH
Rank: 50/71
Findings: 2
Award: $151.99
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xf15ers, BouSalman, Chom, Deivitto, Dravee, ElKu, FSchmoede, Funen, GimelSec, Hawkeye, MiloTruck, Picodes, SecureZeroX, SmartSek, TerrierLover, WatchPug, _Adam, asutorufos, berndartmueller, c3phas, catchup, cccz, cogitoergosumsw, cryptphi, csanuragjain, delfin454000, dipp, ellahi, gzeon, hansfriese, horsefacts, hyh, kirk-baird, minhquanym, oyc_109, pauliax, reassor, robee, sashik_eth, shenwilly, simon135, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s
99.9237 USDT - $99.92
L-1 address(0) checks As mistakes happen, address(0) checks should be made to avoid having to redeploy contracts https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/StashFactory.sol#:~:text=rewardFactory%20%3D%20_rewardFactory%3B Add the address(0) check L-2 Missing checks for address(0x0) when assigning values to address state variables. https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VoterProxy.sol#:~:text=%22!auth%22)%3B-,owner%20%3D%20_owner%3B,-%7D
N-1 Multiple address mapping can combined into single mapping of an address to a struct. https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/BaseRewardPool.sol#:~:text=mapping(address,)%20private%20_balances%3B
N-2 Events is missing indexed fields. Each event use three indexed fields if there are three or more fields.
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/Booster.sol#:~:text=event%20FeesUpdated(,uint256%20platform
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/BaseRewardPool.sol#:~:text=event%20RewardUpdated(,)%3B
#0 - GalloDaSballo
2022-07-06T23:28:55Z
Valid Low
More like a gas finding, also without POC the advice is not actionable
Disagree with the events linked, 1 is for settings, the other has indexed
#1 - GalloDaSballo
2022-07-06T23:29:03Z
1L
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Cityscape, Dravee, ElKu, FSchmoede, Funen, GalloDaSballo, Hawkeye, Kaiziron, MiloTruck, Randyyy, RoiEvenHaim, Ruhum, SecureZeroX, SmartSek, TerrierLover, TomJ, Tomio, WatchPug, Waze, _Adam, asutorufos, c3phas, catchup, cogitoergosumsw, delfin454000, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, jonatascm, minhquanym, oyc_109, pauliax, reassor, robee, sach1r0, saian, sashik_eth, simon135, z3s
52.0655 USDT - $52.07
C4 finding submitted: (risk = G (Gas Optimization)) Wallet address: 0xB4EBA2c82c248584a2DA0c75e1168D3b931D18af
G-1 Variables: No need to initialize variables that have default variables.
Variables that are not set or initialize variables will have default variables like bool with false and address(0) for address.
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VE3DLocker.sol#:~:text=bool%20public%20isShutdown%20%3D%20false%3B
G-2 ++1 cost less gas compared to i++ or i+= 1
I suggest using ++i instead of i++ to increment the value of an uint variable.
G-3 != 0 is a cheaper operation compared to > 0, when dealing with uint.
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VE3DRewardPool.sol#:~:text=.sender)%20%7B-,require(_amount%20%3E%200%2C%20%22RewardPool%20%3A%20Cannot%20stake%200%22)%3B,-//also%20stake%20to
G-4 Loops can be implement more efficient.
Saving gas by caching the length. If the length of the array doesn't change inside the loop.
Example of recommended implementation.
uint length = arr.length;
for (uint i; i < length; i++) {
//Operations not effecting the length of the array.
G-5 Avoid Initialization of Loop Index If It Is 0 to Save Gas The local variable used as for loop index doesn't need to be initialized to 0 because the default value is 0.
#0 - GalloDaSballo
2022-07-14T01:49:20Z
Saves at most 500g