Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 32/72
Findings: 2
Award: $258.84
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, Hawkeye, Jujic, MaratCerby, Picodes, Ruhum, SolidityScan, TerrierLover, TomFrenchBlockchain, TrungOre, VAD37, Yiko, berndartmueller, cmichel, csanuragjain, danb, defsec, delfin454000, dipp, ellahi, fatherOfBlocks, georgypetrov, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kyliek, m9800, minhquanym, oyc_109, p_crypt0, peritoflores, rayn, reassor, remora, rfa, robee, scaraven, securerodd, shenwilly, sorrynotsorry, tchkvsky, teryanarmen, z3s
206.1723 USDC - $206.17
Calling setCitadelAssetPriceBounds with _minPrice, _maxPrice where citadelPriceInAsset is
not in that range should not be allowed. This can result in a weird state, even though it will not cause a severe vulnerability.
Add require(citadelPriceInAsset >= _minPrice && citadelPriceInAsset <= _maxPrice)
to the function
If an invalid _unlockBegin is given such that _unlockBegin + vestingDuration < block.timestamp
then the user will be able to claim vestingToken straight away.
require(_unlockBegin >= block.timestamp)
Functions in some of the contracts are missing checks that address != 0. Using such addresses can brake the protocol.
StakedCitadelLocker.addReward StakedCitadelLocker.approveRewardDistributor StakedCitadelLocker.setStakingContract StakedCitadelVester.vest Funding.setDiscountManager
require(_var_name != address(0), "address 0 invalid");
should require tokenInLimit > 0, when tokenInLimit = 0 the knigting round isn't functional.
add require(_tokenInLimit > 0) in initialize and setTokenInLimit
if feeBps = 0 then (amount * feeBps) / MAX_BPS; will be 0 anyway, no need
for the if statement
require(amount != 0) instead of if (amount != 0)If there is no claimable balance or the requested amount is 0, then claim should fail on a
require. replace if (amount != 0) with require(amount != 0, "error msg")
Many functions and complex logic are missing informative documentation and comments.
CitadelMinter.getFundingPoolWeights CitadelMinter.initializeLastMintTimestamp CitadelMinter._transferToFundingPools CitadelMinter._removeFundingPool CitadelMinter._addFundingPool Funding.clearCitadelPriceFlag Funding.setSaleRecipient Funding.setCitadelAssetPriceBounds StakedCitadelVester.initialize SupplySchedule.initialize SupplySchedule.getCurrentEpoch SupplySchedule.getEmissionsForEpoch SupplySchedule.getEmissionsForCurrentEpoch SupplySchedule.getMintable SupplySchedule.setMintingStart SupplySchedule.setEpochRate
default visibility is internal however it is good practice to specify it explicitly.
change ONE_ETH to
uint256 internal constant ONE_ETH = 1e18;
trying to withdraw while the total supply of the token is 0, will cause a zero division error.
Instead should add require(totalSupply() != 0), "msg" with an informative message, to make the error clear to the caller.
It is good practice and more readable to emit at the end.
// @dev duplicate of getMintable() with debug print added // @dev this function is out of scope for reviews and audits
this comment is meant for getMintableDebug and not for getEpochAtTimestamp. Can be confusing while reading the code.
require that the _epoch is valid and has a rate, this is better than returning 0.
change getEmissionsForEpoch to:
rate = epochRate[_epoch]; require(rate > 0, "invalid epoch"); return rate * epochLength;
this logic:
uint256 _newTotalWeight = totalFundingPoolWeight; _newTotalWeight = _newTotalWeight - fundingPoolWeights[_pool]; fundingPoolWeights[_pool] = _weight; _newTotalWeight = _newTotalWeight + _weight; totalFundingPoolWeight = _newTotalWeight; emit FundingPoolWeightSet(_pool, _weight, _newTotalWeight);
is unecessarily complex, can simplify to:
totalFundingPoolWeight = totalFundingPoolWeight - fundingPoolWeights[_pool] + _weight; fundingPoolWeights[_pool] = _weight; emit FundingPoolWeightSet(_pool, _weight, totalFundingPoolWeight)
This is much more readable and saves gas.
require in StakedCitadelLocker.solMost require statements in this contract are missing an error message. One should be added.
Example:
require(_stakingToken != address(0)) -> require(_stakingToken != address(0), "zero adress")
use uint256 or unit consistently, preferably uint256
a += b is cleaner than a = a + b.
Example:
totalTokenIn = totalTokenIn + _tokenInAmount; -> totalTokenIn += _tokenInAmount;
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xAsm0d3us, 0xBug, 0xDjango, 0xNazgul, 0xkatana, CertoraInc, Cityscape, Funen, Hawkeye, IllIllI, MaratCerby, SolidityScan, TerrierLover, TomFrenchBlockchain, Tomio, TrungOre, bae11, berndartmueller, csanuragjain, defsec, delfin454000, ellahi, fatherOfBlocks, gs8nrv, gzeon, horsefacts, ilan, jah, joestakey, joshie, kebabsec, kenta, nahnah, oyc_109, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tchkvsky, teryanarmen, z3s
52.6692 USDC - $52.67
if (amount > claimable) -> if (amount >= claimable)
making the inequality strinct can save gas
the only use of saleDuration is in the calculations of saleStart + saleDuration.
Hence, it will save gas to just save in storage the sale end instead of saleDuration.
Update the initializer and function setSaleDuration accordingly
vesting[recipient]StakedCitadelVester.claimableBalance, cache vesting[recipient].
Can save 5 storage calls.
function claimableBalance(address recipient) public view returns (uint256) { uint256 locked = vesting[recipient].lockedAmounts; uint256 claimed = vesting[recipient].claimedAmounts; if (block.timestamp >= vesting[recipient].unlockEnd) { return locked - claimed; } return ((locked * (block.timestamp - vesting[recipient].unlockBegin)) / (vesting[recipient].unlockEnd - vesting[recipient].unlockBegin)) - claimed; }
takedCitadel._withdraw calls balance() and then token.balanceOf(address(this)),
which do exactly the same and will return the same.
Instead, call uint256 b = balance(); after the require, then use b for the 2 usages,
here and here
uint256 r = (balance() * _shares) / totalSupply(); _burn(msg.sender, _shares); // Check balance uint256 b = token.balanceOf(address(this));
->
uint256 b = balance(); uint256 r = (b * _shares) / totalSupply(); _burn(msg.sender, _shares);
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free.
The advantages of versions 0.8.* over <0.8.0 are:
i++ is generally more expensive because it must increment a value and return the old value, so it may require holding two numbers in memory. ++i only uses one number in memory.
Example:
for (uint256 i = 0; i < numPools; i++) -> for (uint256 i = 0; i < numPools ++i)
Use calldata instead of memory for external functions where the function argument is read-only. Reading directly from calldata using calldataload instead of going via memory saves the gas from the intermediate memory operations that carry the values.
If a variable is not initialized it is automatically set to the default value (0 for uint, false for bool, address(0) for address...). Explicitly initializing it with its default value is an anti-pattern and wastes gas.
Contracts: CitadelMinter.sol StakedCitadelLocker.sol SupplySchedule.sol