Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $50,000 USDC
Total HM: 31
Participants: 99
Period: 5 days
Judges: moose-code, JasoonS, denhampreen
Total Solo HM: 17
Id: 139
League: ETH
Rank: 49/99
Findings: 2
Award: $81.31
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xmint, Bnke0x0, BowTiedWardens, Chom, ElKu, FudgyDRS, Funen, GalloDaSballo, GimelSec, JC, Kaiziron, Lambda, Limbooo, Metatron, MiloTruck, Noah3o6, Picodes, PumpkingWok, PwnedNoMore, Sm4rty, StErMi, TomJ, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ak1, antonttc, berndartmueller, cccz, cryptphi, csanuragjain, defsec, delfin454000, dipp, elprofesor, exd0tpy, fatherOfBlocks, hake, hansfriese, hubble, joestakey, kenta, ladboy233, mics, oyc_109, pashov, pedr02b2, reassor, robee, samruna, scaraven, shung, sikorico, simon135, sseefried, tchkvsky, unforgiven, zzzitron
53.1558 USDC - $53.16
Yieldy.sol
Staking.sol
L8 - LiquidityReserve is imported but not used.
L157/658 - Since CURVE_POOL is allowed to be address(0), the estimateInstantCurve() function should validate that CURVE_POOL != address(0); otherwise it would always revert without explaining the reason.
L471 - The return value of .transfer() is not checked, so the transfer could fail without reverting and the code would keep executing without the balances being updated correctly.
🌟 Selected for report: BowTiedWardens
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, 0xmint, 8olidity, ACai, Bnke0x0, Chom, ElKu, Fabble, Fitraldys, FudgyDRS, Funen, GalloDaSballo, GimelSec, IllIllI, JC, Kaiziron, Lambda, Limbooo, MiloTruck, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RedOneN, Sm4rty, StErMi, TomJ, Tomio, TrungOre, UnusualTurtle, Waze, _Adam, aga7hokakological, ajtra, antonttc, asutorufos, bardamu, c3phas, defsec, delfin454000, exd0tpy, fatherOfBlocks, hansfriese, ignacio, joestakey, kenta, ladboy233, m_Rassska, mics, minhquanym, oyc_109, pashov, reassor, robee, s3cunda, sach1r0, saian, sashik_eth, scaraven, sikorico, simon135, slywaters
28.1525 USDC - $28.15
Yieldy.sol
L58/59/83/96/187/190/210/249/257/279/286 - Instead of using require, custom errors with if statements can be used, which costs less gas.
L83/96 - It is less expensive to validate "variable != 0" than "variable > 0"
L82/83 - Instead of using the storage variable, the memory variable can be used in the validation.
L115 - It should be validated that _previousCirculating is != 0 and revert with a desired message.
LiquidityReserve.sol
L25/44/61/62/68/94/105/163/170/192/215 - Instead of using require, custom errors with if statements can be used, which costs less gas.
L24 - Instead of using a modifier you can save gas using private view functions.
L106/109/112/116/117/120/139/140/143/146/149/152/154 - It is not necessary to create a variable in memory if it is only going to be used once.
L196 - The operation uint256 amountMinusFee = _amount - ((_amount * fee) / BASIS_POINTS); can be unchecked since it will always give a positive number and less than _amount.
L223 - It is less expensive to validate "variable != 0" than "variable > 0"
Staking.sol
L54/118/143/408/410/527/572/574/586/604/605/611/644/676 - Instead of using require, custom errors with if statements can be used, which costs less gas.
L118/305/326/363/392/410/415/470/533/572/604 - It is less expensive to validate "variable != 0" than "variable > 0"
L78/79/83/84/85/88/89/92 - Instead of using the storage variable, you can use the input variable, this way you save gas, for example: instead of using STAKING_TOKEN, use _stakingToken.
L120/121/279/280/281/283/288/299/302/320/326/334/335/343/344/355/356/357/358/362/371/372/391/396/397/412/415/519/528/728/731 - A variable does not need to be created in memory if it is only going to be used once.
L78/80 - The constructor validates (CURVE_POOL != address(0)) twice.
L636/637 - It is not necessary to set a variable to its default value; doing so generates an extra gas cost.
L708 - It is less expensive to do ++epoch.number; than epoch.number++;