Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 37/55
Findings: 2
Award: $179.65
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry
113.5088 USDC - $113.51
Typo
// Update invaldiation nonce
Change invaldiation to invalidation
🌟 Selected for report: GermanKuber
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, AlleyCat, CertoraInc, Dravee, Funen, GimelSec, IllIllI, JC, MaratCerby, WatchPug, Waze, defsec, delfin454000, ellahi, gzeon, hake, hansfriese, ilan, jonatascm, nahnah, oyc_109, peritoflores, rfa, robee, simon135, slywaters, sorrynotsorry
66.1426 USDC - $66.14
Issue: Require message is too long
Explanation: The messages below can be shortened to 32 characters or fewer (as shown) to save gas
"The caller is not whitelisted for this operation"
Change message to Caller is not whitelisted for op
"Validator signature does not match."
Change message to Validator sig does not match
There are additional long require messages below that might be hard to cut back while preserving their meaning:
"New valset nonce must be greater than the current nonce"
"New batch nonce must be greater than the current nonce"
"Batch timeout must be greater than the current block height"
"New invalidation nonce must be greater than the current nonce"
require(address(_cudosAccessControls) != address(0), "Access control contract address is incorrect");
The same long require message occurs in both lines below:
"Submitted validator set signatures do not have enough power."
The same long require message occurs in all three lines below:
"Supplied current validators and powers do not match checkpoint."
The same long require message occurs in all three lines below:
"The sender of the transaction is not validated orchestrator"
Issue: Use of '&&' within a require function
Explanation: Dividing the require into separate require statements instead of using '&&' will save gas
require( _amounts.length == _destinations.length && _amounts.length == _fees.length, "Malformed batch of transactions" );
Recommended:
require(_amounts.length == _destinations.length, "Malformed batch of transactions");
require(_amounts.length == _fees.length, "Malformed batch of transactions");
The same require function with embedded '&&' occurs in all three sets of lines below:
require( _currentValset.validators.length == _currentValset.powers.length && _currentValset.validators.length == _v.length && _currentValset.validators.length == _r.length && _currentValset.validators.length == _s.length, "Malformed current validator set" );
Recommended:
require(_currentValset.validators.length == _currentValset.powers.length, "Malformed current validator set");
require(_currentValset.validators.length == _v.length, "Malformed current validator set");
require(_currentValset.validators.length == _r.length, "Malformed current validator set");
require(_currentValset.validators.length == _s.length, "Malformed current validator set");
Issue: Variables should not be initialized to their default values
Explanation: Initializing uint variables to their default value of 0 is unnecessary and costs gas
uint256 public state_lastValsetNonce = 0;
Recommended:
uint256 public state_lastValsetNonce;
uint256 cumulativePower is initialized to zero in both lines below:
uint256 cumulativePower = 0;
Recommended:
uint256 cumulativePower;
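The three gas issues above can be checked mechanically across a code base. The Python linter below is an added example, not part of the submitted report or the audited contracts; it flags require messages longer than 32 bytes, '&&' inside a require, and uint variables initialized to 0. The sample input is constructed from statements quoted in the report, and the conditions `isWhitelisted` and `ok` are placeholders.

```python
import re

MAX_REASON_BYTES = 32  # limit the report recommends for require messages
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
ZERO_INIT = re.compile(r'\buint\d*\b[^;=()]*=\s*0\s*;')

# Constructed sample: statements quoted in the report; `isWhitelisted` and
# `ok` are placeholder conditions, not names from the audited contract.
SAMPLE = '''uint256 public state_lastValsetNonce = 0;
uint256 cumulativePower;
require(isWhitelisted, "The caller is not whitelisted for this operation");
require(ok, "Caller is not whitelisted for op");
require(
    _amounts.length == _destinations.length && _amounts.length == _fees.length,
    "Malformed batch of transactions"
);
'''

def require_calls(src):
    """Yield (line_number, argument_text) for each require(...) call,
    balancing parentheses and skipping any that occur inside strings."""
    for m in re.finditer(r'\brequire\s*\(', src):
        depth, i, in_str = 1, m.end(), False
        while i < len(src) and depth:
            c = src[i]
            if in_str:
                if c == '\\':
                    i += 1            # skip the escaped character
                elif c == '"':
                    in_str = False
            elif c == '"':
                in_str = True
            elif c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            i += 1
        yield src.count('\n', 0, m.start()) + 1, src[m.end():i - 1]

def lint(src):
    """Return sorted (line, rule) findings for the three patterns."""
    findings = []
    for line, args in require_calls(src):
        strings = STRING.findall(args)
        if strings and len(strings[-1].encode()) > MAX_REASON_BYTES:
            findings.append((line, "long-reason"))
        if '&&' in STRING.sub('""', args):   # ignore '&&' inside messages
            findings.append((line, "and-in-require"))
    for m in ZERO_INIT.finditer(src):
        findings.append((src.count('\n', 0, m.start()) + 1, "zero-init"))
    return sorted(findings)
```

Calling `lint(SAMPLE)` reports the line where each statement starts, so a multi-line require is attributed to its first line.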