Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $75,000 USDC
Total HM: 7
Participants: 45
Period: 7 days
Judge: 0xean
Total Solo HM: 5
Id: 111
League: ETH
Rank: 24/45
Findings: 2
Award: $223.17
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xmint, CertoraInc, Dravee, MaratCerby, Ruhum, VAD37, catchup, csanuragjain, defsec, delfin454000, dipp, fatima_naz, gzeon, hake, hyh, joestakey, kebabsec, oyc_109, rayn, robee, samruna, simon135, sorrynotsorry, teryanarmen
153.6552 USDC - $153.66
1)- unclear comments- (Not Critical)
it is mentioned here that we are casting it to avoid overflow and then on the next line, it is explained why there can not be an overflow.
https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L256-L258
then again we are recasting the variable to uint112 again here. https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L262
2)- No checks on lastUpdatedTimeStamp in function getAccruedRewards. I know this function is called by onlyFlywheel role. but it's good to check if it is not greater than or equal to current timestamp. cause here we are using this variable https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L250
incase lastUpdatedTimeStamp is equal to current timestamp, here the variable elapsed would be zero https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L253
which means all the further calculation is not needed so we could save gas by just checking.
Incase lastUpdatedTimeStamp is more than current timestamp the variable elapsed will be calculated negative resulting in overflow.
🌟 Selected for report: 0xkatana
Also found by: 0v3rf10w, 0x1f8b, 0xNazgul, 0xmint, CertoraInc, Dravee, Fitraldys, Funen, IllIllI, NoamYakov, Scocco, Tomio, catchup, csanuragjain, defsec, delfin454000, djxploit, fatima_naz, gzeon, joestakey, joshie, kebabsec, nahnah, oyc_109, rayn, robee, rotcivegaf, saian, samruna, sorrynotsorry, teryanarmen, z3s
69.5108 USDC - $69.51
1)- function emitVotingBalances can be view as no storage data is changed inside it.
2)- No need to initialize loop variable to zero. default value of uint is zero. https://github.com/fei-protocol/xTRIBE/blob/989e47d176facbb0c38bc1e1ca58672f179159e1/src/xTRIBE.sol#L95
3)- reading from local variable instead of storage.-
The value of queuedRewards.cycleRewards is already stored in local variable here - https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L241
The value of same variable is used again here https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L258 . and https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L230
we can use local variable at these places instead of reading from storage again. as reading from memory is cheaper than storage.
4)- The value of queuedRewards.storedCycle is read 4 times in this function. we can store this value in local memory variable so that we don't have to read from storage 4 times. https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L195-L198
5)- In getAccruedRewards function also the value of queuedRewards.storedCycle is read 3 times in this function. we can store this value in local memory variable so that we don't have to read from storage 3 times. attaching link for all 3 places. - https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L227 https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L235 https://github.com/fei-protocol/flywheel-v2/blob/77bfadf388db25cf5917d39cd9c0ad920f404aad/src/rewards/FlywheelGaugeRewards.sol#L268