Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 34/58
Findings: 2
Award: $171.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xNazgul, 0xf15ers, BowTiedWardens, Chom, Funen, Kaiziron, Kumpa, MiloTruck, Picodes, Ruhum, SecureZeroX, Sm4rty, SmartSek, StyxRave, WatchPug, Waze, asutorufos, bardamu, berndartmueller, c3phas, catchup, cccz, codexploder, cryptphi, defsec, delfin454000, dipp, fatherOfBlocks, gzeon, hake, hansfriese, hyh, masterchief, oyc_109, sach1r0, sashik_eth, shenwilly, simon135, unforgiven
113.8755 USDC - $113.88
Typos
* @param key Key to feeze
Change 'feeze' to 'freeze'
* @dev This does not invlude the gov. tokens queued for withdrawal.
Change 'invlude' to 'include'
event Burned(address targetLpToken, uint256 amountBurned); // Emmited after a successfull burn to target lp token
Change 'Emmited' to 'Emitted'
receive() external payable {} // Recieve function for withdrawing from Backd ETH Pool
Change 'Recieve' to 'Receive'
// Transfering LP tokens back to sender
Change 'Transfering' to 'Transferring'
//TOOD: See if this is still needed somewhere
Change 'TOOD' to 'TODO'
Issue: Require error message typo
Explanation: Messages should provide clear information for users to understand the reason for failure
require(_annualInflationDecayAmm < ScaledMath.ONE, Error.INVALID_PARAMETER_VALUE);
Change the referenced error message from 'delay be at least 3 days' to 'delay must be at least 3 days'
Issue: Sensitive terms in both the comments and the code should be updated
Explanation: Terms incorporating "white," "black," "master" or "slave" are potentially problematic. Substituting more neutral terminology is becoming common practice
* @param strategyPool The pool of the strategy to register (avoids blacklisting other addresses).
Suggestion: Change 'blacklisting' to 'denylisting'
require(!_whiteListedFeeHandlers.contains(feeHandler), Error.ADDRESS_WHITELISTED);
Suggestion: Change 'whitelisted' to 'allowlisted' in each case
Similarly for the following instances of 'whitelist' and its variations:
Issue: TODOs that have not been addressed
Explanation: Open TODOs should be worked through and removed
//TOOD: See if this is still needed somewhere
#0 - GalloDaSballo
2022-06-20T15:55:59Z
Thorough review of typos much appreciated
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135
57.93 USDC - $57.93
Issue: Require message is too long
Explanation: The require revert strings referenced below can be shortened to 32 characters or fewer (as shown) to save gas
require(!_stakerVaults.contains(token), Error.STAKER_VAULT_EXISTS);
Change the referenced error message from 'a staker vault already exists for the token' to 'token already has staker vault'
require(currentUInts256[_START_BOOST] == 0, Error.CONTRACT_INITIALIZED);
Change the referenced error message from 'contract can only be initialized once' to 'contract already initialized'
require(_minter != address(0), Error.INVALID_MINTER);
Change the referenced error message from 'the minter address of the LP token and the pool address do not match' to 'minter and pool address mismatch'
The same error message occurs in the lines referenced below:
Example:
require(_annualInflationDecayAmm < ScaledMath.ONE, Error.INVALID_PARAMETER_VALUE);
Change the referenced error message from 'invalid parameter value attempted' to 'invalid parameter value attempt'
require(issuedNonInflationSupply + amount <= nonInflationDistribution, "Maximum non-inflation amount exceeded.");
Change error message to 'Max non-inflation amt exceeded'
require(block.timestamp >= deadline, Error.DEADLINE_NOT_REACHED);
Change the referenced error message from 'deadline has not been reached yet' to 'deadline not yet reached'
Issue: Should use != 0 instead of > 0 in a require statement if variable is an unsigned integer (uint)
Explanation: != 0 should be used where possible since > 0 costs more gas
The same require occurs in all three lines below:
require(amount > 0, Error.INVALID_AMOUNT);
Change 'amount > 0' to 'amount != 0' in each case
require(totalLockedBoosted > 0, Error.NOT_ENOUGH_FUNDS);
Change 'totalLockedBoosted > 0' to 'totalLockedBoosted != 0'
require(length > 0, "No entries");
Change 'length > 0' to 'length != 0'
require(totalClaimable > 0, Error.ZERO_TRANSFER_NOT_ALLOWED);
Change 'totalClaimable > 0' to 'totalClaimable != 0'
require(unallocatedSupply > 0, "No reward tokens in contract");
Change 'unallocatedSupply > 0' to 'unallocatedSupply != 0'
Issue: Variables should not be initialized to their default values
Explanation: For example, initialization of booleans to their default value of false is unnecessary and costs gas
bool keeperGaugeExists = false;
Change to bool keeperGaugeExists;
Issue: Array length should not be looked up in every iteration of a for loop
Explanation: Calculating the array length costs gas
Recommendation: Read the length of the array from memory before executing the loop
for (uint256 i; i < roles.length; i = i.uncheckedInc()) {
Recommendation:
uint256 totalRolesLength = roles.length;
for (uint256 i; i < totalRolesLength; i = i.uncheckedInc()) {
Similarly for the seven for loops referenced below:
#0 - GalloDaSballo
2022-06-18T19:27:00Z
6 * 6 = 36
Saves 3 gas per instance 7 * 3 = 21
3
3 per instance 8 * 3 = 24
Total Gas Saved 84
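A small lint for the four gas patterns listed in the gas report above (revert strings over 32 bytes, > 0 in a require, .length in a for condition, a bool initialised to false). It is an added example, not part of the warden's report, the judge's comments or the audited code base. The Error library layout and the Example contract in the sample are constructed, and the regular expressions are heuristics rather than a Solidity parser.

```python
import re

MAX_LEN = 32  # the report's limit for revert strings, measured here in UTF-8 bytes
STRING = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
RULES = {  # heuristics for the other three gas findings; not a Solidity parser
    "gt-zero-in-require": re.compile(r"\brequire\s*\([^;]*?(?<![>=])>\s*0\b"),
    "length-in-loop-condition": re.compile(r"\bfor\s*\([^;]*;[^;]*\.length\b"),
    "default-initialisation": re.compile(r"\bbool\s+\w+\s*=\s*false\s*;"),
}

# Constructed sample: the Error library layout and contract are assumptions.
SAMPLE = """\
library Error {
    string internal constant STAKER_VAULT_EXISTS = "a staker vault already exists for the token";
    string internal constant INVALID_AMOUNT = "invalid amount";
}
contract Example {
    function f(uint256 amount, address[] memory roles) external {
        require(amount > 0, Error.INVALID_AMOUNT);
        require(amount != 0, "amount must be > 0");
        bool keeperGaugeExists = false;
        for (uint256 i; i < roles.length; i++) {}
        uint256 n = roles.length;
        for (uint256 j; j < n; j++) {}
    }
}
"""


def lint(source):
    """Return sorted (line, rule) findings for Solidity source text."""
    def line_of(pos):
        return source.count("\n", 0, pos) + 1

    findings = []
    for m in STRING.finditer(source):
        # Only literals in require/revert statements or string constants count.
        start = max(source.rfind(c, 0, m.start()) for c in ";{}") + 1
        in_scope = re.search(r"\b(require|revert|constant)\b", source[start:m.start()])
        if in_scope and len(m.group(1).encode("utf-8")) > MAX_LEN:
            findings.append((line_of(m.start()), "string-over-32-bytes"))
    # Blank out literals, keeping offsets, so "> 0" inside a message is ignored.
    code = STRING.sub(lambda m: '"' + " " * len(m.group(1)) + '"', source)
    for rule, pattern in RULES.items():
        findings += [(line_of(m.start()), rule) for m in pattern.finditer(code)]
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in lint(SAMPLE):
        print(f"line {line}: {rule}")
```

Run over a contracts directory in CI, the findings list gives the line of each occurrence so the suggested rewrites can be applied one by one.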