Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $35,000 USDC
Total HM: 10
Participants: 126
Period: 3 days
Judge: Justin Goro
Total Solo HM: 3
Id: 154
League: ETH
Rank: 121/126
Findings: 1
Award: $14.95
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x040, 0x1f8b, 0xDjango, 0xHarry, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xbepresent, 2997ms, Amithuddar, Aymen0909, Bnke0x0, CRYP70, CertoraInc, Chom, CodingNameKiki, Deivitto, Dravee, ElKu, Fitraldys, Funen, GalloDaSballo, JC, JohnSmith, Junnon, LeoS, Metatron, MiloTruck, Noah3o6, NoamYakov, PaludoX0, RedOneN, Respx, ReyAdmirado, Rohan16, Rolezn, Ruhum, Sm4rty, SooYa, SpaceCake, TomJ, Tomio, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, bobirichman, brgltd, bulej93, c3phas, cRat1st0s, carlitox477, chrisdior4, csanuragjain, d3e4, defsec, delfin454000, djxploit, durianSausage, ellahi, erictee, fatherOfBlocks, gerdusx, gogo, ignacio, jag, ladboy233, m_Rassska, medikko, mics, natzuu, newfork01, oyc_109, paribus, pfapostol, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, sach1r0, saian, sashik_eth, sikorico, simon135
14.9459 USDC - $14.95
Using a prefix increment (++i) instead of a postfix increment (i++) saves gas for each loop cycle and so can have a big gas impact when the loop executes on a large number of elements.
There are 4 occurrences
VotingEscrow.sol
L309 for (uint256 i = 0; i < 255; i++) {
L717 for (uint256 i = 0; i < 128; i++) {
L739 for (uint256 i = 0; i < 128; i++) {
L834 for (uint256 i = 0; i < 255; i++) {
Use prefix not postfix to increment in a loop
Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met)
There are 38 occurrences
Blocklist.sol
L24 require(msg.sender == manager, "Only manager");
L25 require(_isContract(addr), "Only contracts");
VotingEscrow.sol
L116 require(decimals <= 18, "Exceeds max decimals");
L140 require(msg.sender == owner, "Only owner");
L147 require(msg.sender == owner, "Only owner");
L154 require(msg.sender == owner, "Only owner");
L162 require(msg.sender == owner, "Only owner");
L171 require(msg.sender == blocklist, "Only Blocklist");
L412 require(_value > 0, "Only non zero amount");
L413 require(locked_.amount == 0, "Lock exists");
L414 require(unlock_time >= locked_.end, "Only increase lock end"); // from using quitLock, user should increaseAmount instead
L415 require(unlock_time > block.timestamp, "Only future lock end");
L416 require(unlock_time <= block.timestamp + MAXTIME, "Exceeds maxtime");
L425 require(
L448 require(_value > 0, "Only non zero amount");
L449 require(locked_.amount > 0, "No lock");
L450 require(locked_.end > block.timestamp, "Lock expired");
L485 require(
L502 require(locked_.amount > 0, "No lock");
L503 require(unlock_time > locked_.end, "Only increase lock end");
L504 require(unlock_time <= block.timestamp + MAXTIME, "Exceeds maxtime");
L529 require(locked_.amount > 0, "No lock");
L530 require(locked_.end <= block.timestamp, "Lock not expired");
L531 require(locked_.delegatee == msg.sender, "Lock delegated");
L546 require(token.transfer(msg.sender, value), "Transfer failed");
L563 require(!IBlocklist(blocklist).isBlocked(_addr), "Blocked contract");
L564 require(locked_.amount > 0, "No lock");
L565 require(locked_.delegatee != _addr, "Already delegated");
L587 require(toLocked.amount > 0, "Delegatee has no lock");
L588 require(toLocked.end > block.timestamp, "Delegatee lock expired");
L589 require(toLocked.end >= fromLocked.end, "Only delegate to longer lock");
L635 require(locked_.amount > 0, "No lock");
L636 require(locked_.end > block.timestamp, "Lock expired");
L637 require(locked_.delegatee == msg.sender, "Lock delegated");
L657 require(token.transfer(msg.sender, remainingAmount), "Transfer failed");
L676 require(token.transfer(penaltyRecipient, amount), "Transfer failed");
L776 require(_blockNumber <= block.number, "Only past block number");
L877 require(_blockNumber <= block.number, "Only past block number");
Recommended to replace revert strings with custom errors.