Aura Finance contest - defsec's results

ISSUE LIST

C4-001 : The Contract Should approve(0) first

C4-002 : Check if amount > 0 before token transfer

C4-003 : Front-runnable Initializers

C4-004 : Missing zero-address check in the setter functions and initiliazers

C4-005 : Missing events for only functions that change critical parameters

C4-006 : Critical changes should use two-step procedure

C4-007 : Pragma Version

C4-008 : transferOwnership should be two step

C4-009 : Missing Re-entrancy Guard

C4-010 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

C4-011 : Contract should have pause/unpause functionality

C4-001 : The Contract Should approve(0) first

Impact - LOW

Some tokens (like USDT L199) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.

IERC20(token).safeApprove(address(operator), 0);
IERC20(token).safeApprove(address(operator), amount);

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L75

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/CrvDepositorWrapper.sol#L52

2. When trying to re-approve an already approved token, all transactions revert and the protocol cannot be used.

Tools Used

None

Recommended Mitigation Steps

Approve with a zero amount first before setting the actual amount. Consider use safeIncreaseAllowance and safeDecreaseAllowance.

C4-002 : Check if amount > 0 before token transfer

Impact

Since _amount can be 0. Checking if (_amount != 0) before the transfer can potentially save an external call and the unnecessary gas cost of a 0 token transfer.

Proof of Concept

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/ExtraRewardsDistributor.sol#L93

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L251

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L234

All Contracts

Tools Used

None

Recommended Mitigation Steps

Consider checking amount != 0.

C4-003 : Front-runnable Initializers

Impact - LOW

All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may be supplied, leaving the contract needing to be redeployed.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/ExtraRewardStashV3.sol#L69

2. initialize functions does not have access control. They are vulnerable to front-running.

Tools Used

Manual Code Review

Recommended Mitigation Steps

While the code that can be run in contract constructors is limited, setting the owner in the contract's constructor to the msg.sender and adding the onlyOwner modifier to all initializers would be a sufficient level of access control.

C4-004 : # Missing zero-address check in the setter functions and initiliazers

Impact

Missing checks for zero-addresses may lead to infunctional protocol, if the variable addresses are updated incorrectly.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/ExtraRewardStashV3.sol#L69

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/Aura.sol#L61

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L62

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L147

Tools Used

Code Review

Recommended Mitigation Steps

Consider adding zero-address checks in the discussed constructors: require(newAddr != address(0));.

C4-005 : Missing events for only functions that change critical parameters

Impact - Non critical

The afunctions that change critical parameters should emit events. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services. The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.

Missing events and timelocks do not promote transparency and if such changes immediately affect users’ perception of fairness or trustworthiness, they could exit the protocol causing a reduction in liquidity which could negatively impact protocol TVL and reputation.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L99

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L107

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L137

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L239

See similar High-severity H03 finding OpenZeppelin’s Audit of Audius (https://blog.openzeppelin.com/audius-contracts-audit/#high) and Medium-severity M01 finding OpenZeppelin’s Audit of UMA Phase 4 (https://blog.openzeppelin.com/uma-audit-phase-4/)

Tools Used

None

Recommended Mitigation Steps

Add events to all functions that change critical parameters.

C4-006 : Critical changes should use two-step procedure

Impact - NON CRITICAL

The critical procedures should be two step process.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L88

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L99

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-007 : # Pragma Version

Impact

In the contracts, floating pragmas should not be used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

## Proof of Concept

https://swcregistry.io/docs/SWC-103

All Contracts

Tools Used

Manual code review

Recommended Mitigation Steps

Upgrade pragma solidity 0.8.10.

C4-008: transferOwnership should be two step

Impact - NON CRITICAL

The owner is the authorized user in the solidity contracts. Usually, an owner can be updated with transferOwnership function. However, the process is only completed with single transaction. If the address is updated incorrectly, an owner functionality will be lost forever.

Proof of Concept

1. Navigate to the following contracts.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L24

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraMinter.sol#L14

Tools Used

Code Review

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

C4-009 : # Missing Re-entrancy Guard

Impact - LOW

The re-entrancy guard is missing on the some of the functions. The external interactions can cause to the re-entrancy vulnerability.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraClaimZap.sol#L127

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L120

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L138

Tools Used

Code Review

Recommended Mitigation Steps

Follow the check effect interaction pattern or put re-entrancy guard.

C4-010 : Incompatibility With Rebasing/Deflationary/Inflationary tokens

Impact - LOW

PrePo protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after the actual transfer to infer any fees/interest.

Proof of Concept

1. Navigate to the following contract.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L249

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraBalRewardPool.sol#L120

Tools Used

Manual Code Review

Recommended Mitigation Steps

• Ensure that to check previous balance/after balance equals to amount for any rebasing/inflation/deflation
• Add support in contracts for such tokens before accepting user-supplied tokens
• Consider supporting deflationary / rebasing / etc tokens by extra checking the balances before/after or strictly inform your users not to use such tokens if they don't want to lose them.

C4-011 : Contract should have pause/unpause functionality

Impact

In case a hack is occuring or an exploit is discovered, the team should be able to pause functionality until the necessary changes are made to the system. Additionally, the AuraLocker.sol contract should be manged by proxy so that upgrades can be made by the owner.

To use a thorchain example again, the team behind thorchain noticed an attack was going to occur well before the system transferred funds to the hacker. However, they were not able to shut the system down fast enough. (According to the incidence report here: https://github.com/HalbornSecurity/PublicReports/blob/master/Incident%20Reports/Thorchain_Incident_Analysis_July_23_2021.pdf)

Proof of Concept

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L249

Tools Used

Code Review

Recommended Mitigation Steps

Pause functionality on the contract would have helped secure the funds quickly.

C4-001: Revert String Size Optimization

C4-002 : Adding unchecked directive can save gas

C4-003 : Check if amount > 0 before token transfer can save gas

C4-004 : There is no need to assign default values to variables

C4-005 : Free gas savings for using solidity 0.8.10+

C4-006 : ++i is more gas efficient than i++ in loops forwarding

C4-007 : Using operator && used more gas

C4-008 : Non-strict inequalities are cheaper than strict ones

C4-009 : Use Custom Errors instead of Revert Strings to save Gas

C4-010 : Use Shift Right/Left instead of Division/Multiplication if possible

C4-011 : Cache array length in for loops can save gas

C4-012 : State Variables that can be changed to immutable

C4-013 : Use calldata instead of memory for function parameters

C4-014 : SafeMath is not needed when using Solidity version 0.8.*

C4-015 : Missing Balance Check

C4-001: Revert String Size Optimization

Impact

Shortening revert strings to fit in 32 bytes will decrease deploy time gas and will decrease runtime gas when the revert condition has been met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Proof of Concept

Revert strings > 32 bytes are here:

 2022-05-aura/convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol::170 => // require(amount > 0, 'VirtualDepositRewardPool: Cannot stake 0');
 2022-05-aura/convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol::183 => //require(amount > 0, 'VirtualDepositRewardPool : Cannot withdraw 0');

Tools Used

Manual Review

Recommended Mitigation Steps

Shorten the revert strings to fit in 32 bytes. That will affect gas optimization.

C4-002 : Adding unchecked directive can save gas

Impact

For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.

Proof of Concept

 2022-05-aura/contracts/AuraLocker.sol::773 => for (uint256 i = 0; i < userRewardsLength; i++) {
 2022-05-aura/contracts/AuraVestedEscrow.sol::99 => uint256 totalAmount = 0;
 2022-05-aura/contracts/AuraVestedEscrow.sol::100 => for (uint256 i = 0; i < _recipient.length; i++) {
 2022-05-aura/contracts/BalLiquidityProvider.sol::51 => for (uint256 i = 0; i < 2; i++) {
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::231 => uint256 claimableTokens = 0;
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::19 => for (uint256 i = 0; i < _tokens.length; i++) {
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::38 => for (uint256 i = 0; i < tokens.length; i++) {
 2022-05-aura/contracts/mocks/curve/MockCurveGauge.sol::36 => for (uint256 i = 0; i < reward_tokens.length; i++) {
2022-05-aura/contracts/AuraClaimZap.sol::143 => for (uint256 i = 0; i < rewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::147 => for (uint256 i = 0; i < extraRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::151 => for (uint256 i = 0; i < tokenRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraLocker.sol::174 => for (uint256 i = 0; i < rewardTokensLength; i++) {
   2022-05-aura/convex-platform/contracts/contracts/ArbitartorVault.sol::49 => for(uint256 i = 0; i < _toPids.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::214 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::230 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::262 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::296 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::379 => for(uint i=0; i < poolInfo.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::538 => for(uint256 i = 0; i < _gauge.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BoosterOwner.sol::144 => for(uint256 i = 0; i < poolCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/ConvexMasterChef.sol::180 => for (uint256 pid = 0; pid < length; ++pid) {
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::125 => for(uint256 i = 0; i < maxRewards; i++){
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::199 => for(uint i=0; i < tCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol::69 => for(uint i=0; i < usedList.length; i++){

Tools Used

None

Recommended Mitigation Steps

Consider applying unchecked arithmetic where overflow/underflow is not possible. Example can be seen from below.

Unchecked{i++};

C4-003 : Check if amount > 0 before token transfer can save gas

Impact

Since _amount can be 0. Checking if (_amount != 0) before the transfer can potentially save an external call and the unnecessary gas cost of a 0 token transfer.

Proof of Concept

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/ExtraRewardsDistributor.sol#L93

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L251

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L234

All Contracts

Tools Used

None

Recommended Mitigation Steps

Consider checking amount != 0.

C4-004 : There is no need to assign default values to variables

Impact - Gas Optimization

When a variable is declared solidity assigns the default value. In case the contract assigns the value again, it costs extra gas.

Example: uint x = 0 costs more gas than uint x without having any different functionality.

Proof of Concept

 2022-05-aura/contracts/AuraClaimZap.sol::143 => for (uint256 i = 0; i < rewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::147 => for (uint256 i = 0; i < extraRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::151 => for (uint256 i = 0; i < tokenRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraLocker.sol::174 => for (uint256 i = 0; i < rewardTokensLength; i++) {
 2022-05-aura/contracts/AuraLocker.sol::381 => uint256 reward = 0;
 2022-05-aura/contracts/AuraLocker.sol::485 => uint256 futureUnlocksSum = 0;
 2022-05-aura/contracts/AuraLocker.sol::540 => uint256 unlocksSinceLatestCkpt = 0;
 2022-05-aura/contracts/AuraLocker.sol::630 => uint256 low = 0;
 2022-05-aura/contracts/AuraLocker.sol::773 => for (uint256 i = 0; i < userRewardsLength; i++) {
 2022-05-aura/contracts/AuraVestedEscrow.sol::99 => uint256 totalAmount = 0;
 2022-05-aura/contracts/AuraVestedEscrow.sol::100 => for (uint256 i = 0; i < _recipient.length; i++) {
 2022-05-aura/contracts/BalLiquidityProvider.sol::51 => for (uint256 i = 0; i < 2; i++) {
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::231 => uint256 claimableTokens = 0;
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::19 => for (uint256 i = 0; i < _tokens.length; i++) {
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::38 => for (uint256 i = 0; i < tokens.length; i++) {
 2022-05-aura/contracts/mocks/curve/MockCurveGauge.sol::36 => for (uint256 i = 0; i < reward_tokens.length; i++) {
   2022-05-aura/convex-platform/contracts/contracts/ArbitartorVault.sol::49 => for(uint256 i = 0; i < _toPids.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::214 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::230 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::262 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::296 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::379 => for(uint i=0; i < poolInfo.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::538 => for(uint256 i = 0; i < _gauge.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BoosterOwner.sol::144 => for(uint256 i = 0; i < poolCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/ConvexMasterChef.sol::180 => for (uint256 pid = 0; pid < length; ++pid) {
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::125 => for(uint256 i = 0; i < maxRewards; i++){
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::199 => for(uint i=0; i < tCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol::69 => for(uint i=0; i < usedList.length; i++){

Tools Used

Code Review

Recommended Mitigation Steps

uint x = 0 costs more gas than uint x without having any different functionality.

C4-005 : Free gas savings for using solidity 0.8.10+

Impact

Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.

Proof of Concept

All Contracts

Solidity 0.8.10 has a useful change which reduced gas costs of external calls which expect a return value: https://blog.soliditylang.org/2021/11/09/solidity-0.8.10-release-announcement/

Solidity 0.8.13 has some improvements too but not well tested.

Code Generator: Skip existence check for external contract if return data is expected. In this case, the ABI decoder will revert if the contract does not exist

All Contracts

Tools Used

None

Recommended Mitigation Steps

Consider to upgrade pragma to at least 0.8.10.

C4-006 : ++i is more gas efficient than i++ in loops forwarding

Impact

++i is more gas efficient than i++ in loops forwarding.

Proof of Concept

1. Navigate to the following contracts.

 2022-05-aura/contracts/AuraLocker.sol::773 => for (uint256 i = 0; i < userRewardsLength; i++) {
 2022-05-aura/contracts/AuraVestedEscrow.sol::99 => uint256 totalAmount = 0;
 2022-05-aura/contracts/AuraVestedEscrow.sol::100 => for (uint256 i = 0; i < _recipient.length; i++) {
 2022-05-aura/contracts/BalLiquidityProvider.sol::51 => for (uint256 i = 0; i < 2; i++) {
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::231 => uint256 claimableTokens = 0;
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::19 => for (uint256 i = 0; i < _tokens.length; i++) {
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::38 => for (uint256 i = 0; i < tokens.length; i++) {
 2022-05-aura/contracts/mocks/curve/MockCurveGauge.sol::36 => for (uint256 i = 0; i < reward_tokens.length; i++) {
2022-05-aura/contracts/AuraClaimZap.sol::143 => for (uint256 i = 0; i < rewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::147 => for (uint256 i = 0; i < extraRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::151 => for (uint256 i = 0; i < tokenRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraLocker.sol::174 => for (uint256 i = 0; i < rewardTokensLength; i++) {
   2022-05-aura/convex-platform/contracts/contracts/ArbitartorVault.sol::49 => for(uint256 i = 0; i < _toPids.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::214 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::230 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::262 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::296 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::379 => for(uint i=0; i < poolInfo.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::538 => for(uint256 i = 0; i < _gauge.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BoosterOwner.sol::144 => for(uint256 i = 0; i < poolCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/ConvexMasterChef.sol::180 => for (uint256 pid = 0; pid < length; ++pid) {
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::125 => for(uint256 i = 0; i < maxRewards; i++){
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::199 => for(uint i=0; i < tCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol::69 => for(uint i=0; i < usedList.length; i++){

Tools Used

Code Review

Recommended Mitigation Steps

It is recommend to use unchecked{++i} and change i declaration to uint256.

C4-007 : Using operator && used more gas

Impact

Using double require instead of operator && can save more gas.

Proof of Concept

1. Navigate to the following contracts.

2022-05-aura/contracts/ExtraRewardsDistributor.sol:171:        require(_index > 0 && _index < rewardEpochs[_token].length - 1, "!past");
2022-05-aura/contracts/AuraLocker.sol:311:                if (_rewardsToken == cvxCrv && _stake && _account == msg.sender) {
2022-05-aura/contracts/AuraLocker.sol:382:        uint256 expiryTime = _checkDelay == 0 && _relock
2022-05-aura/contracts/AuraStakingProxy.sol:90:        require(_outputBps > 9000 && _outputBps < 10000, "Invalid output bps");
2022-05-aura/contracts/AuraStakingProxy.sol:159:        require(_token != crv && _token != cvx && _token != cvxCrv, "not allowed");
2022-05-aura/contracts/AuraStakingProxy.sol:203:        require(address(_token) != crv && address(_token) != cvxCrv, "not allowed");
2022-05-aura/contracts/BalLiquidityProvider.sol:48:        require(_request.assets.length == 2 && _request.maxAmountsIn.length == 2, "!valid");
2022-05-aura/contracts/BalLiquidityProvider.sol:57:            require(bal > 0 && bal == _request.maxAmountsIn[i], "!bal");

Tools Used

Code Review

Recommended Mitigation Steps

Example

using &&:

function check(uint x)public view{
require(x == 0 && x < 1 );
}
// gas cost 21630

using double require:

require(x == 0 );
require( x < 1);
}
}
// gas cost 21622

C4-008 : Non-strict inequalities are cheaper than strict ones

Impact

Strict inequalities add a check of non equality which costs around 3 gas.

Proof of Concept

 2022-05-aura/contracts/Aura.sol::68 => require(_amount > 0, "Must mint something");
 2022-05-aura/contracts/AuraBalRewardPool.sol::121 => require(_amount > 0, "RewardPool : Cannot stake 0");
 2022-05-aura/contracts/AuraBalRewardPool.sol::139 => require(_amount > 0, "RewardPool : Cannot stake 0");
 2022-05-aura/contracts/AuraBalRewardPool.sol::157 => require(amount > 0, "RewardPool : Cannot withdraw 0");
 2022-05-aura/contracts/AuraBalRewardPool.sol::178 => if (reward > 0) {
 2022-05-aura/contracts/AuraBalRewardPool.sol::210 => require(rewardsAvailable > 0, "!balance");
 2022-05-aura/contracts/AuraClaimZap.sol::196 => if (depositCrvMaxAmount > 0) {
 2022-05-aura/contracts/AuraClaimZap.sol::200 => if (crvBalance > 0) {
 2022-05-aura/contracts/AuraClaimZap.sol::218 => if (depositCvxMaxAmount > 0) {
 2022-05-aura/contracts/AuraClaimZap.sol::221 => if (cvxBalance > 0) {
 2022-05-aura/contracts/AuraLocker.sol::210 => require(rewardData[_rewardsToken].lastUpdateTime > 0, "Reward does not exist");
 2022-05-aura/contracts/AuraLocker.sol::259 => require(_amount > 0, "Cannot stake 0");
 2022-05-aura/contracts/AuraLocker.sol::309 => if (reward > 0) {
 2022-05-aura/contracts/AuraLocker.sol::359 => require(amt > 0, "Nothing locked");
 2022-05-aura/contracts/AuraLocker.sol::385 => require(length > 0, "no locks");
 2022-05-aura/contracts/AuraLocker.sol::400 => if (_checkDelay > 0) {
 2022-05-aura/contracts/AuraLocker.sol::419 => if (_checkDelay > 0) {
 2022-05-aura/contracts/AuraLocker.sol::431 => require(locked > 0, "no exp locks");
 2022-05-aura/contracts/AuraLocker.sol::443 => if (reward > 0) {
 2022-05-aura/contracts/AuraLocker.sol::471 => require(len > 0, "Nothing to delegate");
 2022-05-aura/contracts/AuraLocker.sol::496 => if (i > 0) {
 2022-05-aura/contracts/AuraLocker.sol::520 => if (ckpts.length > 0) {
 2022-05-aura/contracts/AuraLocker.sol::664 => for (uint256 i = locksLength; i > 0; i--) {
 2022-05-aura/contracts/AuraLocker.sol::726 => for (uint256 i = epochIndex + 1; i > 0; i--) {
 2022-05-aura/contracts/AuraLocker.sol::822 => require(_rewards > 0, "No reward");
 2022-05-aura/contracts/AuraLocker.sol::851 => require(_reward > 0, "No reward");
 2022-05-aura/contracts/AuraMerkleDrop.sol::122 => require(_amount > 0, "!amount");
 2022-05-aura/contracts/AuraPenaltyForwarder.sol::52 => require(bal > 0, "!empty");
 2022-05-aura/contracts/AuraStakingProxy.sol::177 => if (crvBal > 0) {
 2022-05-aura/contracts/AuraStakingProxy.sol::185 => if (cvxCrvBal > 0) {
 2022-05-aura/contracts/AuraStakingProxy.sol::207 => if (bal > 0) {
 2022-05-aura/contracts/AuraVestedEscrow.sol::118 => require(totalLocked[_recipient] > 0, "!funding");
 2022-05-aura/contracts/BalLiquidityProvider.sol::57 => require(bal > 0 && bal == _request.maxAmountsIn[i], "!bal");
 2022-05-aura/contracts/BalLiquidityProvider.sol::70 => require(balAfter > 0, "!mint");
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::149 => if (claimableTokens > 0) {
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::171 => require(_index > 0 && _index < rewardEpochs[_token].length - 1, "!past");
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::224 => // e.g. epochIndex = 27 > 0 ? 27 : 0 = 27
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::30 => if (rate > 0) {
 2022-05-aura/contracts/mocks/curve/MockCurveVoteEscrow.sol::43 => require(amount > 0, "!amount");
 2022-05-aura/contracts/mocks/curve/MockCurveVoteEscrow.sol::53 => require(lockAmounts[msg.sender] > 0, "Must have a lock");
 2022-05-aura/contracts/mocks/curve/MockCurveVoteEscrow.sol::55 => require(amount > 0, "!amount");

Tools Used

Code Review

Recommended Mitigation Steps

Use >= or <= instead of > and < when possible.

C4-009 : Use Custom Errors instead of Revert Strings to save Gas

Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met)

Source Custom Errors in Solidity:

Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them.

Custom errors are defined using the error statement, which can be used inside and outside of contracts (including interfaces and libraries).

Instances include:

All require Statements

Tools Used

Code Review

Recommended Mitigation Steps

Recommended to replace revert strings with custom errors.

C4-010 : Use Shift Right/Left instead of Division/Multiplication if possible

Impact

A division/multiplication by any number x being a power of 2 can be calculated by shifting log2(x) to the right/left.

While the DIV opcode uses 5 gas, the SHR opcode only uses 3 gas. Furthermore, Solidity's division operation also includes a division-by-0 prevention which is bypassed using shifting.

Proof of Concept

Contracts

Tools Used

None

Recommended Mitigation Steps

A division/multiplication by any number x being a power of 2 can be calculated by shifting log2(x) to the right/left.

C4-011 : Cache array length in for loops can save gas

Impact

Reading array length at each iteration of the loop takes 6 gas (3 for mload and 3 to place memory_offset) in the stack.

Caching the array length in the stack saves around 3 gas per iteration.

Proof of Concept

1. Navigate to the following smart contract line.

 2022-05-aura/contracts/AuraLocker.sol::773 => for (uint256 i = 0; i < userRewardsLength; i++) {
 2022-05-aura/contracts/AuraVestedEscrow.sol::99 => uint256 totalAmount = 0;
 2022-05-aura/contracts/AuraVestedEscrow.sol::100 => for (uint256 i = 0; i < _recipient.length; i++) {
 2022-05-aura/contracts/BalLiquidityProvider.sol::51 => for (uint256 i = 0; i < 2; i++) {
 2022-05-aura/contracts/ExtraRewardsDistributor.sol::231 => uint256 claimableTokens = 0;
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::19 => for (uint256 i = 0; i < _tokens.length; i++) {
 2022-05-aura/contracts/mocks/balancer/MockFeeDistro.sol::38 => for (uint256 i = 0; i < tokens.length; i++) {
 2022-05-aura/contracts/mocks/curve/MockCurveGauge.sol::36 => for (uint256 i = 0; i < reward_tokens.length; i++) {
2022-05-aura/contracts/AuraClaimZap.sol::143 => for (uint256 i = 0; i < rewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::147 => for (uint256 i = 0; i < extraRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraClaimZap.sol::151 => for (uint256 i = 0; i < tokenRewardContracts.length; i++) {
 2022-05-aura/contracts/AuraLocker.sol::174 => for (uint256 i = 0; i < rewardTokensLength; i++) {
   2022-05-aura/convex-platform/contracts/contracts/ArbitartorVault.sol::49 => for(uint256 i = 0; i < _toPids.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::214 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::230 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::262 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BaseRewardPool.sol::296 => for(uint i=0; i < extraRewards.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::379 => for(uint i=0; i < poolInfo.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/Booster.sol::538 => for(uint256 i = 0; i < _gauge.length; i++){
 2022-05-aura/convex-platform/contracts/contracts/BoosterOwner.sol::144 => for(uint256 i = 0; i < poolCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/ConvexMasterChef.sol::180 => for (uint256 pid = 0; pid < length; ++pid) {
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::125 => for(uint256 i = 0; i < maxRewards; i++){
 2022-05-aura/convex-platform/contracts/contracts/ExtraRewardStashV3.sol::199 => for(uint i=0; i < tCount; i++){
 2022-05-aura/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol::69 => for(uint i=0; i < usedList.length; i++){

Tools Used

None

Recommended Mitigation Steps

Consider to cache array length.

C4-012 : State Variables that can be changed to immutable

Impact

Solidity 0.6.5 introduced immutable as a major feature. It allows setting contract-level variables at construction time which gets stored in code rather than storage.

Consider the following generic example:

contract C {
  /// The owner is set during contruction time, and never changed afterwards.
  address public owner = msg.sender;
}

In the above example, each call to the function owner() reads from storage, using a sload. After EIP-2929, this costs 2100 gas cold or 100 gas warm. However, the following snippet is more gas efficient:

contract C {
  /// The owner is set during contruction time, and never changed afterwards.
  address public immutable owner = msg.sender;
}

In the above example, each storage read of the owner state variable is replaced by the instruction push32 value, where value is set during contract construction time. Unlike the last example, this costs only 3 gas.

Proof of Concept

1. Navigate to the following smart contract line.

https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/Aura.sol#L32

Tools Used

None

Recommended Mitigation Steps

Consider using immutable variable.

C4-013 : Use calldata instead of memory for function parameters

Impact

In some cases, having function arguments in calldata instead of memory is more optimal.

Consider the following generic example:

contract C {
  function add(uint[] memory arr) external returns (uint sum) {
      uint length = arr.length;
      for (uint i = 0; i < arr.length; i++) {
          sum += arr[i];
      }
  }
}

In the above example, the dynamic array arr has the storage location memory. When the function gets called externally, the array values are kept in calldata and copied to memory during ABI decoding (using the opcode calldataload and mstore). And during the for loop, arr[i] accesses the value in memory using a mload. However, for the above example this is inefficient. Consider the following snippet instead:

contract C {
  function add(uint[] calldata arr) external returns (uint sum) {
      uint length = arr.length;
      for (uint i = 0; i < arr.length; i++) {
          sum += arr[i];
      }
  }
}

In the above snippet, instead of going via memory, the value is directly read from calldata using calldataload. That is, there are no intermediate memory operations that carries this value.

Gas savings: In the former example, the ABI decoding begins with copying value from calldata to memory in a for loop. Each iteration would cost at least 60 gas. In the latter example, this can be completely avoided. This will also reduce the number of instructions and therefore reduces the deploy time cost of the contract.

In short, use calldata instead of memory if the function argument is only read.

Note that in older Solidity versions, changing some function arguments from memory to calldata may cause "unimplemented feature error". This can be avoided by using a newer (0.8.*) Solidity compiler.

Proof of Concept

1. Navigate to the following smart contract line.

2022-05-aura/contracts/AuraClaimZap.sol:128:        address[] calldata rewardContracts,
2022-05-aura/contracts/AuraClaimZap.sol:129:        address[] calldata extraRewardContracts,
2022-05-aura/contracts/AuraClaimZap.sol:130:        address[] calldata tokenRewardContracts,
2022-05-aura/contracts/AuraClaimZap.sol:131:        address[] calldata tokenRewardTokens,
2022-05-aura/contracts/AuraMerkleDrop.sol:115:        bytes32[] calldata _proof,

Tools Used

None

Recommended Mitigation Steps

Some parameters in examples given above are later hashed. It may be beneficial for those parameters to be in memory rather than calldata.

C4-014: SafeMath is not needed when using Solidity version 0.8.*

Impact

Solidity version 0.8.* already implements overflow and underflow checks by default. Using the SafeMath library from OpenZeppelin (which is more gas expensive than the 0.8.* overflow checks) is therefore redundant.

Proof of Concept

2022-05-aura/contracts/AuraBalRewardPool.sol:5:import { SafeMath } from "@openzeppelin/contracts-0.8/utils/math/SafeMath.sol";
2022-05-aura/contracts/AuraBalRewardPool.sol:24:    using SafeMath for uint256;
2022-05-aura/contracts/AuraStakingProxy.sol:7:import { SafeMath } from "@openzeppelin/contracts-0.8/utils/math/SafeMath.sol";
2022-05-aura/contracts/AuraStakingProxy.sol:35:    using SafeMath for uint256;

Tools Used

Manual Review

Recommended Mitigation Steps

Use the built-in checks instead of SafeMath and remove SafeMath from the dependencies.

C4-015: Missing Balance Check Will Revert

Impact

If the user does not have enough balance, the function always will be reverted.

Proof of Concept

    function stakeFor(address _for, uint256 _amount) public updateReward(_for) returns (bool) {
        require(_amount > 0, "RewardPool : Cannot stake 0");

        //give to _for
        _totalSupply = _totalSupply.add(_amount);
        _balances[_for] = _balances[_for].add(_amount);

        //take away from sender
        stakingToken.safeTransferFrom(msg.sender, address(this), _amount);
        emit Staked(_for, _amount);

        return true;
    }

    function withdraw(
        uint256 amount,
        bool claim,
        bool lock
    ) public updateReward(msg.sender) returns (bool) {
        require(amount > 0, "RewardPool : Cannot withdraw 0");

        _totalSupply = _totalSupply.sub(amount);
        _balances[msg.sender] = _balances[msg.sender].sub(amount);

        stakingToken.safeTransfer(msg.sender, amount);
        emit Withdrawn(msg.sender, amount);

        if (claim) {
            getReward(lock);
        }

        return true;
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Use balance check before interaction with the withdraw/depositFor function.

require(_balances[msg.sender]>_amount,"Amount is not enough");