Platform: Code4rena
Start Date: 09/12/2021
Pot Size: $25,000 USDC
Total HM: 12
Participants: 25
Period: 4 days
Judge: LSDan
Total Solo HM: 4
Id: 64
League: ETH
Rank: 4/25
Findings: 3
Award: $1,104.15
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: csanuragjain
defsec
When the promotion is created, the _promotion.startTimestamp variable can be set to a date far in the past. That will affect the epoch calculation.
_promotions[_nextPromotionId] = Promotion( msg.sender, _ticket, _token, _tokensPerEpoch, _startTimestamp, _epochDuration, _numberOfEpochs );
None
Consider adding require(_startTimestamp >= block.timestamp, "Should be more than current date");
#0 - PierrickGT
2021-12-13T15:55:58Z
🌟 Selected for report: pmerkleplant
Also found by: GiveMeTestEther, WatchPug, defsec, pauliax
defsec
The PoolTogether protocol allows different tokens to be used as the promotion token. The Promotion contract does not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.
Code Review
Check the promotion token for any rebasing/inflation/deflation. Add support in contracts for such tokens before accepting user-supplied tokens.
#0 - PierrickGT
2021-12-13T15:39:02Z
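The before/after balance check described in this finding, together with the start-timestamp check from the first finding, as an added example that is not part of the original submission or the PoolTogether code base. The contract name, struct layout and revert strings are hypothetical, and a plain transferFrom with a boolean return is assumed for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Minimal ERC-20 surface needed by the example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract, not TwabRewards: shows only the funding step.
contract PromotionFundingExample {
    struct Promotion {
        address creator;
        IERC20 token;
        uint256 tokensPerEpoch;
        uint256 startTimestamp;
        uint256 epochDuration;
        uint256 numberOfEpochs;
    }

    mapping(uint256 => Promotion) internal _promotions;
    uint256 internal _nextPromotionId = 1;

    function createPromotion(
        IERC20 _token,
        uint256 _tokensPerEpoch,
        uint256 _startTimestamp,
        uint256 _epochDuration,
        uint256 _numberOfEpochs
    ) external returns (uint256 promotionId) {
        require(_startTimestamp >= block.timestamp, "start in the past");
        uint256 expected = _tokensPerEpoch * _numberOfEpochs; // overflow-checked in 0.8

        // Measure what the contract actually receives, not what was requested.
        uint256 balanceBefore = _token.balanceOf(address(this));
        require(_token.transferFrom(msg.sender, address(this), expected), "transfer failed");
        uint256 received = _token.balanceOf(address(this)) - balanceBefore;

        // A fee-on-transfer token delivers less than `expected`; reject it
        // so recorded rewards never exceed the tokens held.
        require(received == expected, "unsupported token");

        promotionId = _nextPromotionId++;
        _promotions[promotionId] = Promotion(
            msg.sender, _token, _tokensPerEpoch, _startTimestamp, _epochDuration, _numberOfEpochs
        );
    }
}
```

The check covers transfer fees only; a token that rebases later changes the contract's balance after this function has returned, so it is not detected here.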
44.9501 USDC - $44.95
defsec
For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.
https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L98
None
Consider applying unchecked arithmetic where overflow/underflow is not possible.
#0 - PierrickGT
2021-12-14T16:25:58Z
🌟 Selected for report: robee
Also found by: GiveMeTestEther, Jujic, Meta0xNull, WatchPug, defsec, sirhashalot, ye0lde
defsec
Shortening revert strings to fit in 32 bytes will decrease deploy time gas and will decrease runtime gas when the revert condition has been met.
Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
Revert strings > 32 bytes are here:
Manual Review
Shorten the revert strings to fit in 32 bytes. That will affect gas optimization.
#0 - PierrickGT
2021-12-13T15:23:33Z
🌟 Selected for report: robee
Also found by: 0x0x0x, defsec, leastwood, pmerkleplant
13.1075 USDC - $13.11
defsec
Reading array length at each iteration of the loop takes 6 gas (3 for mload and 3 to place memory_offset) in the stack.
Caching the array length in the stack saves around 3 gas per iteration.
https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L172
https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L217
None
Consider caching the array length.
#0 - PierrickGT
2021-12-13T15:24:32Z
18.2048 USDC - $18.20
defsec
++i is more gas efficient than i++ in loops forwarding.
Code Review
It is recommended to use unchecked{++i} and change the i declaration to uint256.
#0 - PierrickGT
2021-12-13T15:27:03Z