Paladin - Warden Pledges contest - erictee's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 27/10/2022

Pot Size: $33,500 USDC

Total HM: 8

Participants: 96

Period: 3 days

Judge: kirk-baird

Total Solo HM: 1

Id: 176

League: ETH

Paladin

Findings Distribution

Researcher Performance

Rank: 79/96

Findings: 1

Award: $11.52

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

[G-01] Functions guaranteed to revert when called by normal users can be declared as payable.

Impact

If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided. The extra opcodes avoided are CALLVALUE(2), DUP1(3), ISZERO(3), PUSH2(3), JUMPI(10), PUSH1(3), DUP1(3), REVERT(0), JUMPDEST(1), POP(2), which cost an average of about 21 gas per call to the function, in addition to the extra deployment cost.

Findings:
contracts/WardenPledge.sol:L541 function addMultipleRewardToken(address[] calldata tokens, uint256[] calldata minRewardsPerSecond) external onlyOwner {
contracts/WardenPledge.sol:L560 function addRewardToken(address token, uint256 minRewardPerSecond) external onlyOwner {
contracts/WardenPledge.sol:L570 function updateRewardToken(address token, uint256 minRewardPerSecond) external onlyOwner {
contracts/WardenPledge.sol:L585 function removeRewardToken(address token) external onlyOwner {
contracts/WardenPledge.sol:L599 function updateChest(address chest) external onlyOwner {
contracts/WardenPledge.sol:L612 function updateMinTargetVotes(uint256 newMinTargetVotes) external onlyOwner {
contracts/WardenPledge.sol:L625 function updatePlatformFee(uint256 newFee) external onlyOwner {
contracts/WardenPledge.sol:L636 function pause() external onlyOwner {
contracts/WardenPledge.sol:L643 function unpause() external onlyOwner {
contracts/WardenPledge.sol:L653 function recoverERC20(address token) external onlyOwner returns(bool) {

[G-02] Explicit initialization with zero not required

Impact

Explicit initialization with zero is not required for variable declaration because uints are 0 by default. Removing this will reduce contract size and save a bit of gas.

Findings:
contracts/WardenPledge.sol:L547 for(uint256 i = 0; i < length;){
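
The trade-off behind G-01, as an added example that is not code from WardenPledge.sol or from the submission: the payable variant drops the compiler's msg.value check, but it also lets the owner attach ETH by mistake, so a recovery path is needed. The contract name, function names, errors and pragma version are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed version; custom errors need >= 0.8.4

// Hypothetical contract written for illustration only.
contract AdminFeeExample {
    address public immutable owner;
    uint256 public platformFee;

    error NotOwner();
    error EthTransferFailed();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Non-payable: the compiler prepends a check that reverts
    // whenever msg.value != 0, before the modifier runs.
    function setFeeChecked(uint256 newFee) external onlyOwner {
        platformFee = newFee;
    }

    // Payable: no msg.value check is emitted, so each call is slightly
    // cheaper. ETH attached by the owner in error is now accepted and
    // stays in the contract balance.
    function setFeePayable(uint256 newFee) external payable onlyOwner {
        platformFee = newFee;
    }

    // Recovery path for ETH received through payable admin functions.
    // Without something like this, mistakenly sent ETH would be stuck.
    function sweepEth(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
        if (!ok) revert EthTransferFailed();
    }
}
```

Non-owners still revert in both variants through the modifier; only the owner's calls change behaviour when value is attached.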

#0 - c4-judge

2022-11-12T00:16:34Z

kirk-baird marked the issue as grade-b
