Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 105/179
Findings: 2
Award: $56.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron
35.1687 USDC - $35.17
VoteEscrowDelegation
L4/6/218-225 - There are commented-out code and comments that do not contribute to the code; they should be removed.
L99 - The require validates that _delegatedTokenIds.length is smaller than 500, but what that number means in the business logic is not explained.
The NatSpec is not complete.
L245 - The require does not show any specific message that explains the reason why it reverts.
RewardDistributor
L9 - The hardhat console is imported but is not used in the code, only in a commented-out line.
L11 - The ERC20 interface is not prefixed with the letter I, which is the standard convention for naming interfaces. In addition, it has the name of a widely used EIP (ERC20) but does not meet that standard, so it would be preferable to use another name.
L31 - The VE interface is not prefixed with the letter I, which is the standard convention for naming interfaces.
L84 - In the constructor, when startTime is set, the value, which is a date, is hardcoded (1659211200), and there is no explanation of why this particular number is used.
L88/144/158 - The require does not show any specific message that explains the reason why it reverts.
L107-111 - There are commented-out code and comments that do not contribute to the code; they should be removed.
L313 - The fallback and the receive functions serve the same purpose; with the pragma version being used, receive is the recommended one.
GolomTrader
L8/16/26/36 - The ERC721, ERC1155, ERC20 and Distributor interfaces are not prefixed with the letter I, which is the standard convention for naming interfaces.
L220/285/291/293/295/296/313/342/345/347/349/350 - The require does not show any specific message that explains why it reverts.
L459 - The fallback and the receive functions serve the same purpose; with the pragma version being used, receive is the recommended one.
VoteEscrowCore
L356-364 - The implementation of the reentrancyGuard could be less expensive and simpler if bools and a single variable were used.
L375/384/391 - Most of the functions use a camelCase signature, but some use underscores to separate words; it is good practice to follow a single pattern throughout the contract.
L360/540/646/648/652/869/874/879/884/889/895/896/897/927/944 - The require does not show any specific message that explains why it reverts.
L697/698/735/745/749/1042/1044/1113/1115/1133/1134/1167/1169/1211 - It is not necessary to set parameters to their default value; this generates an unnecessary gas expense that could be avoided simply by not setting them.
🌟 Selected for report: JohnSmith
Also found by: 0x1f8b, 0xA5DF, 0xDjango, 0xKitsune, 0xLovesleep, 0xNazgul, 0xSmartContract, 0xmatt, 0xsam, Aymen0909, Bnke0x0, CRYP70, Chandr, Chinmay, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, Funen, GalloDaSballo, Green, IllIllI, JC, Jmaxmanblue, Junnon, Kaiziron, Kenshin, Krow10, Maxime, Migue, MiloTruck, Noah3o6, NoamYakov, Randyyy, RedOneN, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StyxRave, TomJ, Tomio, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, async, benbaessler, brgltd, c3phas, cRat1st0s, carlitox477, delfin454000, djxploit, durianSausage, ellahi, erictee, fatherOfBlocks, gerdusx, gogo, hyh, jayfromthe13th, jayphbee, joestakey, kaden, kenzo, kyteg, ladboy233, lucacez, m_Rassska, mics, minhquanym, oyc_109, pfapostol, rbserver, reassor, rfa, robee, rokinot, sach1r0, saian, samruna, sashik_eth, simon135, supernova, tofunmi, zuhaibmohd
21.3211 USDC - $21.32
GolomToken
L23/24/43/51/69 - The modifier generates a lot of gas consumption; this can be reduced by using an if with a custom error or a private view function.
L24 - The message within the require is longer than 32 bytes, which generates unnecessary extra gas expenses; the message could be shortened by a few characters.
VoteEscrowDelegation
L50/147/170/171/188/189 - It is not necessary to set parameters to their default value; this generates an unnecessary gas expense that could be avoided simply by not setting them.
L78/103/119 - Gas costs are lower if "variable != 0" is validated instead of "variable > 0".
L79/101/107/119/138/139/148/157/171/189/199/201/213 - Gas costs are lower if, for example, ++variable or --variable is used instead of variable + 1 or variable++.
L171/189/199/201 - When a for loop traverses an array, the array length is queried on every iteration, so gas could be saved by caching the length of the array in a local variable.
L185 - The getPriorVotes() function is public, but it is not used within the contract, so you could save gas by making it external.
RewardDistributor
L45/142/143/156/157/175/176/180/183/222/223/226/257/258/272/273 - It is not necessary to set parameters to their default value; this generates an unnecessary gas expense that could be avoided simply by not setting them.
L87/88/144/158/173/181/184/185/220/292/309 - The modifier generates a lot of gas consumption; this can be reduced by using an if with a custom error or a private view function.
L181/292/309 - The message within the require is longer than 32 bytes, which generates unnecessary extra gas expenses; the message could be shortened by a few characters.
L124 - Gas costs are lower if "variable != 0" is validated instead of "variable > 0".
L118/143/157/183/180/226/258/273 - Gas costs are lower if, for example, ++variable or --variable is used instead of variable + 1 or variable++.
L98/141/155/172/215/254/269 - The functions addFee(), traderClaim(), exchangeClaim(), multiStakerClaim(), stakerRewards(), traderRewards(), exchangeRewards() are public, but they are not used within the contract, therefore gas could be saved by making them external.
GolomTrader
L152/250/387 - Gas costs are lower if "variable != 0" is validated instead of "variable > 0".
L415 - When a for loop traverses an array, the array length is queried on every iteration, so gas could be saved by caching the length of the array in a local variable.
TokenUriHelper
VoteEscrowCore
L579/704/708/727/757/761/786/789/927/928/944/981/982/997/1072/1183 - Gas costs are lower if "variable != 0" is validated instead of "variable > 0".
L929/945 - The message within the require is longer than 32 bytes, which generates unnecessary extra gas expenses; the message could be shortened by a few characters.