Platform: Code4rena
Start Date: 26/05/2022
Pot Size: $75,000 USDT
Total HM: 31
Participants: 71
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 18
Id: 126
League: ETH
Rank: 48/71
Findings: 2
Award: $152.34
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xf15ers, BouSalman, Chom, Deivitto, Dravee, ElKu, FSchmoede, Funen, GimelSec, Hawkeye, MiloTruck, Picodes, SecureZeroX, SmartSek, TerrierLover, WatchPug, _Adam, asutorufos, berndartmueller, c3phas, catchup, cccz, cogitoergosumsw, cryptphi, csanuragjain, delfin454000, dipp, ellahi, gzeon, hansfriese, horsefacts, hyh, kirk-baird, minhquanym, oyc_109, pauliax, reassor, robee, sashik_eth, shenwilly, simon135, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s
99.8886 USDT - $99.89
Typos
// platoform fee
Change platoform to platform
//reward factory only allow this to be called once even if owner
Change allow to allows
The same typo (seperate) occurs in both lines below:
Example:
//some gauges claim rewards when depositing, stash them in a seperate contract until next claim
Change seperate to separate in both cases
//increase ammount
Change ammount to amount
//can locking immediately or defer locking to someone else by paying a fee.
Change locking immediately to lock immediately
Issue: Update sensitive terms
Explanation: Terms incorporating "white," "black," "master" or "slave" are potentially problematic. Substituting more neutral terminology is becoming common practice
//fees dont apply until whitelist+veVeAsset lock begins so will report
Suggestion: Change whitelist to allowlist
#0 - GalloDaSballo
2022-07-07T00:02:02Z
Valid NC
Valid NC
#1 - GalloDaSballo
2022-07-07T00:02:05Z
2NC
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Cityscape, Dravee, ElKu, FSchmoede, Funen, GalloDaSballo, Hawkeye, Kaiziron, MiloTruck, Randyyy, RoiEvenHaim, Ruhum, SecureZeroX, SmartSek, TerrierLover, TomJ, Tomio, WatchPug, Waze, _Adam, asutorufos, c3phas, catchup, cogitoergosumsw, delfin454000, ellahi, fatherOfBlocks, gzeon, hansfriese, horsefacts, jonatascm, minhquanym, oyc_109, pauliax, reassor, robee, sach1r0, saian, sashik_eth, simon135, z3s
52.4549 USDT - $52.45
Issue: Use of '&&' within a require function
Explanation: Splitting the require into separate requires instead of using '&&' will save gas
require(msg.sender == poolManager && !isShutdown, "!add");
Recommendation:
require(msg.sender == poolManager, "!auth");
require(!isShutdown, "shutdown");
require(_gauge != address(0) && _lptoken != address(0), "!param");
Recommendation:
require(_gauge != address(0), "!param");
require(_lptoken != address(0), "!param");
Issue: Should use != 0 instead of > 0 in a require statement if variable is an unsigned integer
Explanation: != 0 should be used where possible since > 0 costs more gas
Identical require occurs in all five lines below:
require(_amount > 0, "RewardPool : Cannot stake 0");
Change _amount > 0 to _amount != 0 in all cases
require(_amount > 0, "!>0");
Change _amount > 0 to _amount != 0
Issue: Variables should not be initialized to their default values
Explanation: For example, initializing uint variables to their default value of zero is unnecessary and costs gas
uint256 public periodFinish = 0;
Change to uint256 public periodFinish;
uint256 public rewardRate = 0;
Change to uint256 public rewardRate;
uint256 public queuedRewards = 0;
Change to uint256 public queuedRewards;
uint256 public currentRewards = 0;
Change to uint256 public currentRewards;
uint256 public historicalRewards = 0;
Change to uint256 public historicalRewards;
uint256 public incentiveVeAsset = 0;
Change to uint256 public incentiveVeAsset;
uint256 _balance = 0;
Change to uint256 _balance;
Issue: Array length should not be looked up in every iteration of a for loop
Explanation: Calculating the array length costs gas
Recommendation: Read the length of the array from memory before executing the loop. In addition, do not initialize 'i' to zero (its default value) and use ++i instead of i++ since this is also cheaper
There are five for loops initialized using identical code in BaseRewardPool.sol
The array length should be retrieved first, as shown in the recommendation below. The recommendation also includes the other gas-saving suggestions:
for (uint256 i = 0; i < extraRewards.length; i++) {
Suggestion:
uint256 totalExtraRewards = extraRewards.length;
for (uint256 i; i < totalExtraRewards; ++i) {
The remaining for loops in BaseRewardPool.sol should receive the same treatment:
The following for loops should also be modified similarly:
#0 - GalloDaSballo
2022-07-14T01:57:08Z
Will save less than 1k gas