Yieldy contest - asutorufos's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 14/99

Findings: 2

Award: $1,238.27

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: unforgiven

Also found by: IllIllI, TrungOre, asutorufos, hake, robee

Labels

bug
2 (Med Risk)
sponsor acknowledged

Awards

1211.7009 USDC - $1,211.70

External Links

Lines of code

https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#:~:text=function%20transferToke(,%7D

Vulnerability details

Impact

Some ERC20 tokens customize the standard token behaviour. One such class is deflationary (fee-on-transfer) tokens, which deduct a fee from every transfer() or transferFrom(), so the recipient receives less than the amount passed to the call.

Proof of Concept

https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#:~:text=Invalid%20address%22)%3B-,uint256%20totalTokeAmount%20%3D%20IERC20Upgradeable(TOKE_TOKEN).balanceOf(,)%3B,-%7D

`totalTokeAmount` is read from `IERC20Upgradeable(TOKE_TOKEN).balanceOf(...)` and the contract then moves tokens with `safeTransfer`. If the token charged a fee on transfer, the amount that actually arrives would differ from the amount the contract recorded and sent, because such tokens deduct a fee on every transfer and transferFrom.

It would be safer to read the contract's balance before the `safeTransferFrom`, read it again afterwards, and use the difference as the amount actually received, so that any transfer fee is accounted for.
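The before/after balance pattern recommended above, shown next to the vulnerable pattern in an added Solidity example. This is not Yieldy's code and is not part of the original finding: the `FeeOnTransferMock` token, the `StakeAccountingExample` vault and all of its function names are constructed for illustration, and the example pins OpenZeppelin 4.x because the mock relies on `ERC20._transfer` being virtual there.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added example (not Yieldy's code). Pins OpenZeppelin 4.x, whose ERC20._transfer
// is virtual; Remix resolves the @version import syntax directly.
import "@openzeppelin/contracts@4.9.3/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts@4.9.3/token/ERC20/utils/SafeERC20.sol";

/// Constructed fee-on-transfer token: burns 1% of every transfer, so the
/// recipient receives 99% of the amount passed to transfer()/transferFrom().
contract FeeOnTransferMock is ERC20 {
    uint256 public constant FEE_BPS = 100; // 1% in basis points (assumed value)

    constructor() ERC20("FeeToken", "FEE") {
        _mint(msg.sender, 1_000_000 ether);
    }

    function _transfer(address from, address to, uint256 amount) internal override {
        uint256 fee = (amount * FEE_BPS) / 10_000;
        _burn(from, fee);                       // fee leaves the sender and is destroyed
        super._transfer(from, to, amount - fee); // only the remainder reaches `to`
    }
}

/// Hypothetical staking vault (names are assumptions, not Yieldy's) showing the
/// two accounting patterns side by side.
contract StakeAccountingExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    mapping(address => uint256) public credited; // what each staker is owed
    uint256 public totalCredited;                 // sum of all credits

    constructor(IERC20 _stakingToken) {
        stakingToken = _stakingToken;
    }

    /// Vulnerable pattern: credits the requested `_amount`. With a fee-on-transfer
    /// token fewer tokens arrive than are credited, so totalCredited drifts above
    /// the real balance and the last stakers to withdraw cannot be paid in full.
    function stakeTrustingAmount(uint256 _amount) external {
        require(_amount > 0, "Invalid amount");
        stakingToken.safeTransferFrom(msg.sender, address(this), _amount);
        credited[msg.sender] += _amount;
        totalCredited += _amount;
    }

    /// Hardened pattern: read the balance before and after the pull and credit
    /// only the delta that actually landed in this contract.
    function stakeMeasured(uint256 _amount) external returns (uint256 received) {
        require(_amount > 0, "Invalid amount");
        uint256 balanceBefore = stakingToken.balanceOf(address(this));
        stakingToken.safeTransferFrom(msg.sender, address(this), _amount);
        received = stakingToken.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "Nothing received");
        credited[msg.sender] += received;
        totalCredited += received;
    }

    /// Withdrawals pay out the recorded credit; under the vulnerable pattern this
    /// reverts for the last stakers once the vault holds less than it credited.
    function unstake(uint256 _amount) external {
        require(_amount > 0 && credited[msg.sender] >= _amount, "Invalid amount");
        credited[msg.sender] -= _amount;
        totalCredited -= _amount;
        stakingToken.safeTransfer(msg.sender, _amount);
    }

    /// Invariant the hardened path keeps and the vulnerable one breaks under a
    /// fee-on-transfer token: the vault holds at least what it has credited.
    function solvent() external view returns (bool) {
        return stakingToken.balanceOf(address(this)) >= totalCredited;
    }
}
```

To reproduce in Remix: deploy `FeeOnTransferMock`, deploy `StakeAccountingExample` with the mock's address, approve the vault, then call `stakeTrustingAmount(100e18)`; the staker is credited 100e18 while only 99e18 arrived, and `solvent()` returns false. Calling `stakeMeasured(100e18)` instead returns 99e18, credits exactly that, and `solvent()` stays true. Note that the outbound `safeTransfer` in `unstake` is also subject to the token's fee; the balance-delta fix only corrects the inbound accounting, which is why the sponsor's choice to simply not support such tokens is a legitimate alternative.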

Tools Used

Manual Review

#0 - toshiSat

2022-07-28T19:26:36Z

We will not support deflationary tokens. We will document this.

#1 - KenzoAgada

2022-08-26T08:59:45Z

In the judging sheet, this is judged as unique but looks like a duplicate of #222 M-17.

G-1 - Use != 0 instead of > 0 for Unsigned Integer Comparison

When dealing with unsigned integer types, comparisons with != 0 are cheaper than with > 0.

Staking.sol L#118
Staking.sol L#410
Staking.sol L#572: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#:~:text=)%20external%20%7B-,require(_amount%20%3E%200%2C%20%22Invalid%20amount%22)%3B,-//%20prevent%20unstaking%20if
Staking.sol L#604: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#:~:text=%7B-,require(_amount%20%3E%200%2C%20%22Invalid%20amount%22)%3B,-require(
Yieldy.sol L#83
Yieldy.sol L#96

G-2 - State Variables Only Set in the Constructor Should Be Declared Immutable

Avoids a Gsset (20000 gas).

Migration.sol L#14
Migration.sol L#15
Migration.sol L#16

G-3 - Visibility: Public Functions to External

The following functions could be declared external to save gas and improve code quality. Calling an external function is cheaper than calling a public one.

Yieldy.sol L#138
Yieldy.sol L#147
Yieldy.sol L#160
Yieldy.sol L#172
Yieldy.sol L#182
Yieldy.sol L#227

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
