Platform: Code4rena
Start Date: 25/08/2022
Pot Size: $75,000 USDC
Total HM: 35
Participants: 147
Period: 7 days
Judge: 0xean
Total Solo HM: 15
Id: 156
League: ETH
Rank: 69/147
Findings: 2
Award: $87.23
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: zzzitron
Also found by: 0x040, 0x1f8b, 0x52, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSky, 0xSmartContract, 0xkatana, 8olidity, Aymen0909, Bahurum, BipinSah, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chandr, Chom, CodingNameKiki, Deivitto, DimSon, Diraco, ElKu, EthLedger, Funen, GalloDaSballo, Guardian, IllIllI, JansenC, Jeiwan, Lambda, LeoS, Margaret, MasterCookie, PPrieditis, PaludoX0, Picodes, PwnPatrol, RaymondFam, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, StevenL, The_GUILD, TomJ, Tomo, Trust, Waze, __141345__, ajtra, ak1, apostle0x01, aviggiano, bin2chen, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch13fd357r0y3r, cloudjunky, cryptphi, csanuragjain, d3e4, datapunk, delfin454000, devtooligan, dipp, djxploit, durianSausage, eierina, enckrish, erictee, fatherOfBlocks, gogo, grGred, hansfriese, hyh, ignacio, indijanc, itsmeSTYJ, ladboy233, lukris02, martin, medikko, mics, natzuu, ne0n, nxrblsrpr, okkothejawa, oyc_109, p_crypt0, pfapostol, prasantgupta52, rajatbeladiya, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, shenwilly, sikorico, sorrynotsorry, tnevler, tonisives, w0Lfrum, yixxas
54.6422 DAI - $54.64
Kernel.sol
L236 to L258 - This chain of `if (action_ == Actions.X)` checks is effectively a switch over the `Actions` enum. Solidity has no native `switch` statement, so the closest rewrite is an `if / else if` chain that tests `action_` against each `Actions` value exactly once, in enum order, with a final `else` that reverts on an unknown action. This is a readability suggestion, not a gas saving.
L439 - `grantRole` both registers a role (when its role-exists flag is not yet set) and assigns it to an address in the same call. Because the two are coupled, a typo in the role name does not revert: it silently creates a brand-new role and grants it, which is not the intent of the function. Split the behaviour into one function that creates a role and a separate function that grants an existing role to an address and reverts if the role does not exist.
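The coupled and decoupled variants side by side, as an added illustration (this is not the Kernel's own code; the `Role` type, `isRole`/`hasRole` mappings, `onlyAdmin` modifier, `createRole` function and the error names are assumed for the example):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not project code. Role, isRole, hasRole, onlyAdmin,
// createRole and the error/event names are assumed names.
type Role is bytes32;

contract CoupledRoles {
    address public admin = msg.sender;
    mapping(Role => bool) public isRole;
    mapping(address => mapping(Role => bool)) public hasRole;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Creating and granting are coupled: a mistyped role name is silently
    // registered as a new role and granted to addr_ instead of reverting.
    function grantRole(Role role_, address addr_) external onlyAdmin {
        if (!isRole[role_]) isRole[role_] = true;
        hasRole[addr_][role_] = true;
    }
}

contract DecoupledRoles {
    error RoleDoesNotExist(Role role);
    error RoleAlreadyExists(Role role);

    event RoleCreated(Role indexed role);
    event RoleGranted(Role indexed role, address indexed addr);

    address public admin = msg.sender;
    mapping(Role => bool) public isRole;
    mapping(address => mapping(Role => bool)) public hasRole;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Step 1: registering a role is an explicit, separate action.
    function createRole(Role role_) external onlyAdmin {
        if (isRole[role_]) revert RoleAlreadyExists(role_);
        isRole[role_] = true;
        emit RoleCreated(role_);
    }

    // Step 2: only existing roles can be granted; a typo now reverts
    // with a descriptive error rather than creating an unintended role.
    function grantRole(Role role_, address addr_) external onlyAdmin {
        if (!isRole[role_]) revert RoleDoesNotExist(role_);
        hasRole[addr_][role_] = true;
        emit RoleGranted(role_, addr_);
    }
}
```

In the decoupled version an operator who mistypes a role name gets `RoleDoesNotExist` back instead of a successful transaction that quietly adds a new role to the registry.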
TRSRY.sol
L20/24/27/28/29/33/36/39/59/66/77/92/105/123/139 - Many functions and mappings take or key on an `ERC20 token_` where the value is only stored, looked up or compared, never called. In those places a plain `address` would express the intent more directly. Two caveats: a contract-typed parameter is ABI-encoded exactly like an `address` and costs no extra gas at the call boundary, and any function that actually calls the token (transfers, balance lookups) still needs the `ERC20` type or an explicit cast, so this is a type-clarity choice rather than a measurable gas saving.
L33/37 - Minting and burning are gated only by the `permissioned` modifier, so whichever policy the Executor has granted that permission can mint to, or burn from, any address. This is a strong centralisation point: the integrity of the token supply rests entirely on the Executor's permission configuration and on the security of the Executor address itself.
VOTES.sol
RANGE.sol
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x85102, 0xDjango, 0xNazgul, 0xNineDec, 0xSmartContract, 0xkatana, Amithuddar, Aymen0909, Bnke0x0, CertoraInc, Chandr, CodingNameKiki, Deivitto, Dionysus, Diraco, ElKu, Fitraldys, Funen, GalloDaSballo, Guardian, IllIllI, JC, JansenC, Jeiwan, LeoS, Metatron, Noah3o6, RaymondFam, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Shishigami, Sm4rty, SooYa, StevenL, Tagir2003, The_GUILD, TomJ, Tomo, Waze, __141345__, ajtra, apostle0x01, aviggiano, bobirichman, brgltd, c3phas, cRat1st0s, carlitox477, cccz, ch0bu, chrisdior4, d3e4, delfin454000, djxploit, durianSausage, erictee, exolorkistis, fatherOfBlocks, gogo, grGred, hyh, ignacio, jag, karanctf, kris, ladboy233, lukris02, m_Rassska, martin, medikko, natzuu, ne0n, newfork01, oyc_109, peiw, rbserver, ret2basic, robee, rokinot, rvierdiiev, sikorico, simon135, tnevler, zishansami
32.5904 DAI - $32.59
Kernel.sol
L70/88/119/223/229 - The access-control modifiers are inlined into every function that uses them, so each use re-emits the whole check in the bytecode. Moving the check into a private view function that the modifier calls keeps a single copy of the logic, cutting deployment cost at the price of one internal jump per call.
L397 - Explicitly initialising a variable to its type's default value (for example `uint256 i = 0`) emits a redundant store. Omitting the initialiser is cheaper and no less readable.
KernelUtils.sol
L43/58 - Explicitly initialising a variable to its type's default value (for example `uint256 i = 0`) emits a redundant store. Omitting the initialiser is cheaper and no less readable.
L49/64 - `++i` is cheaper than `i++` (no temporary copy of the old value is kept) and does not change the readability of the loop.
TRSRY.sol
PRICE.sol
L6 - `ERC20` is imported but never used. An unused import does not add to the deployed bytecode, so this is dead code to remove for clarity rather than a gas cost.
L136/138 - When an `if` has already established that the arithmetic cannot overflow or underflow, the operation itself (not the guarding condition) can be wrapped in `unchecked` to skip the compiler's redundant overflow check.
BondCallback.sol
L120 - Check explicitly that `outputAmount_` is at least `inputAmount_` and revert with a descriptive custom error; otherwise the subtraction fails with a bare arithmetic panic that carries no message. Once the check is in place, `outputAmount_ - inputAmount_` can be wrapped in `unchecked` so the condition is not evaluated a second time by the compiler's overflow check.
L223/306 - Instead of testing `validation == true` or `validation == false`, test `validation` or `!validation`: simpler to read and it avoids an extra comparison opcode (unless the optimizer already removes it).
L278 - In a `for` loop, cache `array.length` in a local variable before the loop instead of re-reading it on every iteration; the saving is largest for storage arrays, where each read is an SLOAD.
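The loop and arithmetic patterns from the KernelUtils.sol, PRICE.sol and BondCallback.sol items above (no default initialiser, `++i` inside `unchecked`, cached length, explicit bound check followed by an unchecked subtraction), as an added illustration that is not project code; the contract, function and error names are assumed:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not project code. Contract, function and error
// names are assumed for the example.
contract LoopPatterns {
    error OutputBelowInput(uint256 output, uint256 input);

    // Before: redundant `= 0`, length re-read every iteration, and a
    // checked `i++` that keeps a temporary copy of the old value.
    function sumBefore(uint256[] memory values) external pure returns (uint256 total) {
        for (uint256 i = 0; i < values.length; i++) {
            total += values[i];
        }
    }

    // After: no initialiser, cached length, `++i` in an unchecked block.
    // `i < len` guarantees the increment cannot overflow; the addition to
    // `total` deliberately stays checked because nothing bounds it.
    function sumAfter(uint256[] memory values) external pure returns (uint256 total) {
        uint256 len = values.length;
        for (uint256 i; i < len; ) {
            total += values[i];
            unchecked {
                ++i;
            }
        }
    }

    // Explicit bound check with a descriptive custom error instead of a
    // bare Panic(0x11); the subtraction afterwards cannot underflow, so it
    // is safe to skip the compiler's overflow check.
    function surplus(uint256 outputAmount_, uint256 inputAmount_) external pure returns (uint256) {
        if (outputAmount_ < inputAmount_) revert OutputBelowInput(outputAmount_, inputAmount_);
        unchecked {
            return outputAmount_ - inputAmount_;
        }
    }
}
```

For a memory array the cached length only saves an `mload` per iteration; the pattern matters most when the array lives in storage. The check in `surplus` accepts equal amounts, since a zero result is not an underflow.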
RANGE.sol
Heart.sol
TreasuryCustodian.sol
Operator.sol
L188 - The modifier body is inlined into every function that uses it; moving the check into a private view function that the modifier calls keeps one copy in the bytecode and lowers deployment cost.
L488/670/675 - `++variable` is cheaper than `variable++` (no temporary copy of the old value is kept) and does not change the readability of the code.
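The modifier-versus-private-function pattern recommended for Kernel.sol (L70/88/119/223/229) and Operator.sol (L188), as an added illustration rather than project code; the `executor` variable, the `onlyExecutor` modifier and the `_checkExecutor` helper are assumed names:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not project code. executor, onlyExecutor,
// _checkExecutor and the error name are assumed names.
contract InlinedModifier {
    error OnlyExecutor(address caller);

    address public executor = msg.sender;

    // The modifier body is copied into every function that uses it, so
    // each protected function below carries its own copy of the check.
    modifier onlyExecutor() {
        if (msg.sender != executor) revert OnlyExecutor(msg.sender);
        _;
    }

    function installModule() external onlyExecutor {}
    function upgradeModule() external onlyExecutor {}
    function activatePolicy() external onlyExecutor {}
}

contract FactoredModifier {
    error OnlyExecutor(address caller);

    address public executor = msg.sender;

    // The check lives once in a private view function; the modifier only
    // emits an internal call. Deployment bytecode shrinks with every
    // additional protected function, at the cost of one JUMP per call.
    modifier onlyExecutor() {
        _checkExecutor();
        _;
    }

    function _checkExecutor() private view {
        if (msg.sender != executor) revert OnlyExecutor(msg.sender);
    }

    function installModule() external onlyExecutor {}
    function upgradeModule() external onlyExecutor {}
    function activatePolicy() external onlyExecutor {}
}
```

The trade-off is deployment size against runtime cost: with three or more protected functions the factored version is smaller to deploy, while each call pays a few extra gas for the internal jump, so it is worth measuring both on the real contract before committing.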