Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 122/133
Findings: 1
Award: $12.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0x5rings, 0xA5DF, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Amithuddar, Aymen0909, B2, Ben, Bnke0x0, Chom, CodingNameKiki, Deivitto, Diana, Fitraldys, Funen, IllIllI, JAGADESH, JC, Metatron, Ocean_Sky, PaludoX0, Pheonix, RaymondFam, ReyAdmirado, RockingMiles, Rohan16, Rolezn, Satyam_Sharma, Sm4rty, SnowMan, SooYa, Tagir2003, TomJ, Tomio, Triangle, V_B, Waze, __141345__, ajtra, albincsergo, asutorufos, aysha, beardofginger, bobirichman, brgltd, bulej93, bytera, c3phas, ch0bu, cryptostellar5, cryptphi, d3e4, delfin454000, dharma09, drdr, durianSausage, emrekocak, erictee, fatherOfBlocks, gogo, got_targ, imare, jag, karanctf, ladboy233, leosathya, lukris02, medikko, mics, millersplanet, natzuu, neko_nyaa, oyc_109, peanuts, prasantgupta52, rbserver, ret2basic, rokinot, ronnyx2017, rotcivegaf, sach1r0, samruna, seyni, slowmoses, tnevler, wagmi, zishansami
12.811 USDC - $12.81
1st.
In ERC20PermitPermissionedMint contract consider using mapping from adress to uint instead of bool (https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L20). Its value would be the index in minters_array where the minter stays. Value 0 means: not a minter.
It would be set in addMinter function as the length of minters_array, after the minter is pushed.
Thanks to that, you do not have to iterate over an array (https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L84) but simply add:
minters_array[minters[minter_address]] = address(0)
Remember to delete the minter from mapping (https://github.com/code-423n4/2022-09-frax/blob/main/src/ERC20/ERC20PermitPermissionedMint.sol#L81) after this update.
2nd
In OperatorRegistry contract, in removeValidator function do not delete whole validators and iterate over whole array (in case when you care about order) but simply start overriding validators from remove_idx index and pop array at the end.
for (uint256 i = remove_idx; i < validators.length - 1; ++i) { validators[i] = validators[i+1]; } validators.pop();
Benchmark: Tested in Remix IDE and Solidity 0.8.4. Registry with 10 validators.
Removal of the first validator using original code: ~334304 Removal of the first validator using proposed code: ~281099