veRWA - kaveyjoe's results

Target : https://github.com/code-423n4/2023-08-verwa/blob/main/src/GaugeController.sol

1 . Issue: Inconsistent Use of Mixed uint128 and uint256 Arithmetic

• Location: In the vote_for_gauge_weights function
• Description: The line uint256 slope = uint256(uint128(slope_)); casts the slope_ value from int128 to uint256, potentially leading to unexpected behavior or data loss.

2 . Issue: Uninitialized Loop Counter in Internal Functions

• Location: In the _get_sum and _get_weight functions
• Description: The loop counters i are not explicitly initialized before the loop, which can lead to unexpected behavior. They should be initialized to zero (uint256 i = 0) before the loop starts.

3 . Issue: Inconsistent Use of Compound Assignment Operators

• Location: In the _change_gauge_weight function
• Description: In the line power_used = power_used + new_slope.power - old_slope.power;, it's more readable and consistent to use the compound assignment operator (power_used += new_slope.power - old_slope.power;).

4 . Issue: Potential Division by Zero

• Location: In the _gauge_relative_weight function
• Description: The line return (MULTIPLIER * gauge_weight) / total_weight; could potentially result in a division by zero if total_weight is zero. A check should be added to ensure that total_weight is not zero before performing the division.

5 . Issue: Inconsistent Use of Math.max in Calculations

• Location: In the vote_for_gauge_weights function
• Description: In the lines where Math.max is used to adjust bias and slope values, the same adjustment should be made to both points_weight and points_sum to ensure consistency. Currently, only points_weight is adjusted.

6 . Issue: Incorrect Comparison in Loop Conditions

• Location: In the _get_sum and _get_weight functions
• Description: The loop conditions if (t > block.timestamp) should be replaced with if (t <= block.timestamp) to properly exit the loop when the condition is met. Additionally, the loop counters should be incremented (i++) within the loops.

7 . Issue: Unused Function Parameters

• Location: In the checkpoint and checkpoint_gauge functions
• Description: Both of these functions have unused parameters _gauge, which can be removed since they are not used within the functions.

8 . Issue: Inconsistent Use of Visibility Modifiers

• Location: In the _change_gauge_weight function
• Description: The _change_gauge_weight function is marked as internal, but it's intended to be called from the change_gauge_weight function, which has a public visibility modifier. Consider changing the visibility of _change_gauge_weight to private since it's not meant to be accessed externally.

9 . Issue: Unclear Variable Naming and Comments

• Location: Throughout the contract
• Description: Some variable names and comments may not accurately describe their purpose or functionality. Consider reviewing and updating variable names and comments to improve clarity and maintainability.

10 . Issue: Potentially Unreachable Code

• Location: In the _get_weight function
• Description: The else branch of the conditional statement if (t > 0) contains a return statement that returns 0. Since the if branch is checking whether t > 0, this else branch is likely unreachable and can be removed.