PoolTogether Aave v3 contest - fatherOfBlocks's results

A protocol for no loss prize savings on Ethereum.

General Information

Platform: Code4rena

Start Date: 29/04/2022

Pot Size: $22,000 USDC

Total HM: 6

Participants: 40

Period: 3 days

Judge: Justin Goro

Total Solo HM: 2

Id: 114

League: ETH

PoolTogether

Researcher Performance

Rank: 31/40

Findings: 1

Award: $30.30

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

30.3019 USDC - $30.30

Labels

bug
G (Gas Optimization)
sponsor confirmed

External Links

AaveV3YieldSource.sol

  • L136-145 - _decimals which is uint8 would be better than this together with REFERRAL_CODE uint16, so it takes up less storage space.

  • L168.171.174 - In the constructor, it is not necessary to validate if it is zero, since if an interface is set in the input parameters of the signature, it already includes the validation that it is different from zero.

  • L235.236.237 - _tokenAddress() is view therefore it does not generate a gas cost, instead the creation of the variable and its use does. It would be best to call _tokenAddress() directly.

  • L252.253.259 - _tokenAddress() is view therefore it does not generate a gas cost, instead the creation of the variable and its use does. It would be best to call _tokenAddress() directly.

  • L260.262 - It could be executed like this and it would save creating a variable (_assetToken.balanceOf(address(this))).sub(_beforeBalance);

  • L232.239.241 - _tokenToShares() is a view function, so it can be passed as a parameter without creating a local variable, this would reduce the gas by 2000.

  • L255.256.265 - _tokenToShares() is a view function, so it can be passed as a parameter without creating a local variable, this would reduce the gas by 2000.

#0 - PierrickGT

2022-05-03T16:46:33Z

L136-145 - _decimals which is uint8 would be better than this together with REFERRAL_CODE uint16, so it takes up less storage space.

The Aave supply function accepts a uint16 for the referral code, so we need to store it in a uint16: https://docs.aave.com/developers/core-contracts/pool#supply

Decimals are stored in a uint8 in the OpenZeppelin contract, so if we want to overwrite the default value, we need to store it in a uint8: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/14ca3aeb798d9b9be31df86ae7ef8b8f760caa4c/contracts/token/ERC20/ERC20.sol#L87

L168.171.174 - In the constructor, it is not necessary to validate if it is zero, since if an interface is set in the input parameters of the signature, it already includes the validation that it is different from zero.

Yes, but the error returned would be "Error: Transaction reverted: function returned an unexpected amount of data", which is not very descriptive.

L235.236.237 - _tokenAddress() is view therefore it does not generate a gas cost, instead the creation of the variable and its use does. It would be best to call _tokenAddress() directly.

L252.253.259 - _tokenAddress() is view therefore it does not generate a gas cost, instead the creation of the variable and its use does. It would be best to call _tokenAddress() directly.

Fixed in this PR: https://github.com/pooltogether/aave-v3-yield-source/pull/8

L260.262 - It could be executed like this and it would save creating a variable (_assetToken.balanceOf(address(this))).sub(_beforeBalance);

Yes, but we also return _balanceDiff at the end of the function, so it's better to store it in a variable.

L232.239.241 - _tokenToShares() is a view function, so it can be passed as a parameter without creating a local variable, this would reduce the gas by 2000.

L255.256.265 - _tokenToShares() is a view function, so it can be passed as a parameter without creating a local variable, this would reduce the gas by 2000.

For code legibility, we prefer to store the value in a variable.
