Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 60/101
Findings: 1
Award: $53.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0xAgro, 0xNazgul, 0xPanda, 0xbepresent, 0xfuje, Awesome, B2, Bnke0x0, Deivitto, Diana, Funen, Jeiwan, JohnSmith, Josiah, R2, RaymondFam, Rolezn, Sathish9098, Waze, adriro, aphak5010, brgltd, btk, carrotsmuggler, ch0bu, chaduke, codeislight, codexploder, cryptostellar5, csanuragjain, danyams, datapunk, delfin454000, deliriusz, eierina, erictee, fatherOfBlocks, gz627, gzeon, hansfriese, hihen, jadezti, joestakey, keccak123, martin, nameruse, oyc_109, pedr02b2, perseverancesuccess, rbserver, rotcivegaf, rvierdiiev, sakshamguruji, shark, simon135, subtle77, unforgiven, xiaoming90, yixxas
53.4851 USDC - $53.49
Overall the codebase is quite readable, well organized and matched well with the specs described in the documenations. Its make use of several best practices like using up to date solidity version (0.8.17) and organized structure when its comes to delcaration of state variable, events and functions. Variable naming for the most part is quite good, considering the complexity of the protocol. Comments were used rigourously and were beneficial and accurate in describing the object they were comenting on.
instances:1
File: PirexRewards.sol Line: 63 Link
event Harvest( ERC20[] producerTokens, ERC20[] rewardTokens, uint256[] rewardAmounts );
Could include conditional check similar to _globalaccrue() function to update when needed only. if (block.timestamp != lastUpdate || balance != lastbalance){}
instances:1
File: PirexRewards.sol Line: 289 Link
// Calculate the amount of rewards accrued by the user up to this call uint256 rewards = u.rewards + u.lastBalance * (block.timestamp - u.lastUpdate);
Consider renaming assets to assetAmount for clearer readablity, as assets implicity portrays an ERC20 types
instances:4
File: AutoPxGlp.sol Line: 436-440 Link
function withdraw( uint256 assets, address receiver, address owner ) public override returns (uint256 shares) {
File: AutoPxGlp.sol Line: 449-453 Link
function redeem( uint256 shares, address receiver, address owner ) public override returns (uint256 assets) {
File: AutoPxGmx.sol Line: 315-319 Link
function withdraw( uint256 assets, address receiver, address owner ) public override returns (uint256 shares) {
File: AutoPxGmx.sol Line: 339-343 Link
function redeem( uint256 shares, address receiver, address owner ) public override returns (uint256 assets) {
Missing comments for function, adding comments will add more clarity for this function
instances:2
File: AutoPxGmx.sol Line: 315-319 Link
function withdraw( uint256 assets, address receiver, address owner ) public override returns (uint256 shares) {
File: AutoPxGmx.sol Line: 339-343 Link
function redeem( uint256 shares, address receiver, address owner ) public override returns (uint256 assets) {
#0 - c4-judge
2022-12-05T09:01:09Z
Picodes marked the issue as grade-b