Platform: Code4rena
Start Date: 19/10/2021
Pot Size: $30,000 ETH
Total HM: 5
Participants: 13
Period: 3 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 43
League: ETH
Rank: 10/13
Findings: 1
Award: $89.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
harleythedog
There are a few functions declared as public that are never called internally within the contract. It is best practice to mark such functions as external instead, as this saves gas (especially in the case where the function takes arguments, as external functions can read arguments directly from calldata instead of having to allocate memory). The following functions could be changed from public to external:
getValidatorsDetails: https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#:~:text=getValidatorsDetails
getDelegatorDetails: https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#:~:text=function-,getDelegatorDetails,-(address%20delegator)%20public
Manual Inspection.
Change these functions from public to external.
#0 - kitti-katy
2021-10-21T22:48:47Z
duplicate of #2
#1 - GalloDaSballo
2021-11-01T17:00:20Z
Duplicate of #2
🌟 Selected for report: WatchPug
Also found by: harleythedog, pants
0.0082 ETH - $29.39
harleythedog
The addValidator function is a non-view function that reads the storage variable validatorsN multiple times. Reading from storage is significantly more expensive than reading from memory, so it would save a lot of gas to first copy validatorsN into memory at the start of the function, and then read from this memory variable.
See the addValidator function here: https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#:~:text=function-,addValidator,-(address%20validator%2C%20address
If we instead changed this code to be:
uint128 N = validatorsN; validators[N]._address = validator; validators[N].operator = operator; validators[N].commissionRate = commissionRate; emit ValidatorAdded(N, validator, operator); validatorsN += 1;
we would remove 3 SLOADS in favour of much cheaper MLOADS, saving a lot of gas.
Manual inspection.
Change storage reads to memory reads as described above.
#0 - GalloDaSballo
2021-11-01T16:58:16Z
Duplicate of #53
🌟 Selected for report: pmerkleplant
Also found by: harleythedog
harleythedog
The IERC20 variable named "CQT" is set in the "initialize" function (as a constant value, it does not depend on the input to the function call), and this variable is not written to anywhere else in the contract. It would save gas to declare this variable as a constant and initialize it in the contract as a global variable.
Variable declaration here: https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#:~:text=id%20-%3E%20validator%20instance-,IERC20%20CQT,-%3B
Variable initialization (and only location where variable is written to) here: https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#:~:text=CQT%20%3D%20IERC20(0xD417144312DbF50465b1C641d016962017Ef6240)%3B
Manual inspection.
Declare the "CQT" variable as a constant variable in the contract and initialize it similarily.
#0 - kitti-katy
2021-10-21T22:47:07Z
duplicate of #67
#1 - GalloDaSballo
2021-11-01T16:59:47Z
Duplicate of #67