Platform: Code4rena
Start Date: 27/10/2022
Pot Size: $33,500 USDC
Total HM: 8
Participants: 96
Period: 3 days
Judge: kirk-baird
Total Solo HM: 1
Id: 176
League: ETH
Rank: 38/96
Findings: 2
Award: $31.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robee
Also found by: 0x007, 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xSmartContract, 8olidity, Awesome, B2, Bnke0x0, Chom, Diana, Dravee, JTJabba, Jeiwan, Josiah, Lambda, Mathieu, Picodes, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Ruhum, Sm4rty, Tricko, Trust, Waze, __141345__, a12jmx, adriro, ajtra, brgltd, c3phas, carlitox477, cccz, ch0bu, chaduke, chrisdior4, corerouter, cryptonue, csanuragjain, ctf_sec, cylzxje, delfin454000, dic0de, djxploit, horsefacts, imare, jayphbee, jwood, ktg, ladboy233, leosathya, lukris02, minhtrng, neko_nyaa, oyc_109, pashov, peritoflores, rbserver, rvierdiiev, shark, tnevler, yixxas
19.6449 USDC - $19.64
block.timestamp is risky, as it can be manipulated by miners, so avoid it.https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L237 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L319 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L380 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L426
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L137-L140
Check , effect and interact pattern is not followed below. State is updated after making an external call.https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L394_L401
indexed fieldshttps://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L94_L98 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L102_L105
TYPOS should be resolved, to avoid confusion and enhance readability(https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L292)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L295](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L295)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L296](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L296)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L411](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L411)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L412](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L412)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L453](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L453)[https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L485](https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L485)
#0 - c4-judge
2022-11-12T01:04:09Z
kirk-baird marked the issue as grade-b
🌟 Selected for report: c3phas
Also found by: 0x1f8b, 0xNazgul, 0xRoxas, 0xSmartContract, 0xbepresent, Amithuddar, Awesome, B2, Bnke0x0, Dravee, KoKo, Mathieu, Picodes, RaymondFam, RedOneN, ReyAdmirado, RockingMiles, Ruhum, SadBase, SooYa, Waze, __141345__, adriro, ajtra, ballx, carlitox477, ch0bu, cylzxje, djxploit, durianSausage, emrekocak, erictee, gogo, halden, horsefacts, imare, indijanc, karanctf, leosathya, lukris02, neko_nyaa, oyc_109, peiw, sakman, shark, skyle, tnevler
11.5153 USDC - $11.52
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L268
It may not be obvious, but every time you copy a storage struct/array/mapping to a memory variable, you are literally copying each member by reading it from storage, which is expensive. And when you use the storage keyword, you are just storing a pointer to the storage, which is much cheaper.
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L227 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L318
x = x + y is cheaper than x+=yhttps://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L340 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L401 https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L445
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L41
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L50 with https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L56
https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L52 with https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L67
#0 - c4-judge
2022-11-12T01:02:17Z
kirk-baird marked the issue as grade-b