Platform: Code4rena
Start Date: 28/04/2022
Pot Size: $50,000 USDC
Total HM: 7
Participants: 43
Period: 5 days
Judge: gzeon
Total Solo HM: 2
Id: 115
League: ETH
Rank: 36/43
Findings: 1
Award: $89.04
π Selected for report: 0
π Solo Findings: 0
π Selected for report: Dravee
Also found by: 0x1f8b, 0x4non, 0x52, 0xDjango, AlleyCat, Funen, GalloDaSballo, GimelSec, Hawkeye, MaratCerby, Picodes, berndartmueller, cccz, defsec, delfin454000, dipp, hyh, ilan, joestakey, kebabsec, luduvigo, pauliax, peritoflores, robee, rotcivegaf, samruna, shenwilly, sikorico, simon135, sorrynotsorry, unforgiven, z3s
89.0354 USDC - $89.04
Misleading variable usage in function _refreshPAR in PARMinerV2 contract.
The _refreshPAR function is checking a global variable that is competing with the parameter passed by the caller, but that should refer to the same chunk of data.
There seems to be some sense of doing this in some ways of calling the function, but more confusing code leads to more bugs or lower protocol adoption.
function _refreshPAR(uint256 newTotalStake) internal { if (_totalStake == 0) { return; } uint256 currentParBalance = _par.balanceOf(address(this)).sub(newTotalStake); uint256 parReward = currentParBalance.sub(_parBalanceTracker); _parBalanceTracker = currentParBalance; _accParAmountPerShare = _accParAmountPerShare.add(parReward.rayDiv(_totalStakeWithBoost)); }
Hardhat gas optimizer
Rewrite the function and make sure it doesn't lead to confusing and possibly misleading code.
#0 - m19
2022-05-04T03:27:24Z
No actual suggestions are offered, this is QA at best in our opinion.
#1 - gzeoneth
2022-06-05T16:33:06Z
Treating as warden's QA report.