Yieldy contest - delfin454000's results

Improper state handling

Identical code is repeated in Staking.sol lines 84-87 and 88-91, as shown below:

---

contracts/Staking.sol: L84-91

        IERC20Upgradeable(YIELDY_TOKEN).approve(
            LIQUIDITY_RESERVE,
            type(uint256).max
        );
        IERC20Upgradeable(YIELDY_TOKEN).approve(
            LIQUIDITY_RESERVE,
            type(uint256).max
        );

Recommendation: Remove duplicate code

---

Require revert string is too long

The revert strings below can be shortened to 32 characters or fewer (as shown) to save gas

---

libraries/ERC20Upgradeable.sol: L189-192

        require(
            currentAllowance >= amount,
            "ERC20: transfer amount exceeds allowance"
        );

Change message to ERC20: transfer amt > allowance

---

libraries/ERC20Upgradeable.sol: L245-248

        require(
            currentAllowance >= subtractedValue,
            "ERC20: decreased allowance below zero"
        );

Change message to ERC20: decreased allowance < 0

---

libraries/ERC20Upgradeable.sol: L275

        require(sender != address(0), "ERC20: transfer from the zero address");

Change message to ERC20: xfer from the 0 address

---

libraries/ERC20Upgradeable.sol: L276

        require(recipient != address(0), "ERC20: transfer to the zero address");

Change message to ERC20: xfer to the zero address

---

libraries/ERC20Upgradeable.sol: L281-284

        require(
            senderBalance >= amount,
            "ERC20: transfer amount exceeds balance"
        );

Change message to ERC20: transfer amount > balance

---

libraries/ERC20Upgradeable.sol: L328

        require(account != address(0), "ERC20: burn from the zero address");

Change message to ERC20: burn from the 0 address

---

libraries/ERC20Upgradeable.sol: L333

        require(accountBalance >= amount, "ERC20: burn amount exceeds balance");

Change message to ERC20: burn amount > balance

---

libraries/ERC20Upgradeable.sol: L362

        require(owner != address(0), "ERC20: approve from the zero address");

Change message to ERC20: approve from zero address

---

libraries/ERC20Upgradeable.sol: L363

        require(spender != address(0), "ERC20: approve to the zero address");

Change message to ERC20: approve to the 0 address

---

Use of '&&' within a require function

Splitting such functions into separate require() statements (instead of using '&&') saves gas

---

contracts/Staking.sol: L54-63

        require(
            _stakingToken != address(0) &&
                _yieldyToken != address(0) &&
                _tokeToken != address(0) &&
                _tokePool != address(0) &&
                _tokeManager != address(0) &&
                _tokeReward != address(0) &&
                _liquidityReserve != address(0),
            "Invalid address"
        );

Recommendation:

        require(_stakingToken != address(0), "Invalid address");
        require(_yieldyToken != address(0), "Invalid address");
        require(_tokeToken != address(0), "Invalid address");
        require(_tokePool != address(0), "Invalid address");
        require(_tokeManager != address(0), "Invalid address");
        require(_tokeReward != address(0), "Invalid address");
        require(_liquidityReserve != address(0), "Invalid address");

---

The require function shown below occurs twice:

contracts/Staking.sol: L574-577 contracts/Staking.sol: L611-614

        require(
            !isUnstakingPaused && !isInstantUnstakingPaused,
            "Unstaking is paused"
        );

Recommendation:

        require(!isUnstakingPaused, "Unstaking is paused");
        require(!isInstantUnstakingPaused, "Unstaking is paused");

---

contracts/Staking.sol: L605-609

        require(
            CURVE_POOL != address(0) &&
                (curvePoolFrom == 1 || curvePoolTo == 1),
            "Invalid Curve Pool"
        );

Recommendation:

        require(CURVE_POOL != address(0), "Invalid Curve Pool"); 
        require(curvePoolFrom == 1 || curvePoolTo == 1, "Invalid Curve Pool"); 

---

contracts/Migration.sol: L20-23

        require(
            _oldContract != address(0) && _newContract != address(0),
            "Invalid address"
        );

Recommendation:

        require(_oldContract != address(0), "Invalid address");
        require(_newContract != address(0), "Invalid address");

---

contracts/LiquidityReserve.sol: L44-47

        require(
            _stakingToken != address(0) && _rewardToken != address(0),
            "Invalid address"
        );

Recommendation:

        require(_stakingToken != address(0), "Invalid address");
        require(_rewardToken != address(0), "Invalid address");

---

Use != 0 instead of > 0 in a require statement if variable is an unsigned integer (uint)

!= 0 should be used where possible since > 0 costs more gas

---

contracts/Staking.sol: L118

        require(_recipient.amount > 0, "Must enter valid amount");

Change _recipient.amount > 0 to _recipient.amount != 0

---

Identical require condition occurs in all three lines below:

contracts/Staking.sol: L410

contracts/Staking.sol: L572

contracts/Staking.sol: L604

Example:

        require(_amount > 0, "Must have valid amount");

Change _amount > 0 to _amount != 0 in each case

---

contracts/Yieldy.sol: L83

        require(_totalSupply > 0, "Can't rebase if not circulating");

Change _totalSupply > 0 to _totalSupply != 0

---

contracts/Yieldy.sol: L96

            require(rebasingCreditsPerToken > 0, "Invalid change in supply");

Change rebasingCreditsPerToken > 0 to rebasingCreditsPerToken != 0

---

Storage of uints or ints smaller than 32 bytes

Storage of uints or ints smaller than 32 bytes incurs overhead. Instead, use size of at least 32, then downcast where needed

---

Recommendation: Increase size from uint8 to at least uint32 in the lines referenced below:

contracts/Staking.sol: L113

        uint8 _v,

contracts/Yieldy.sol: L32

        uint8 _decimal

libraries/ERC20PermitUpgradeable.sol: L70

        uint8 v,

---