Platform: Code4rena
Start Date: 16/12/2021
Pot Size: $100,000 USDC
Total HM: 21
Participants: 25
Period: 7 days
Judge: alcueca
Total Solo HM: 12
Id: 66
League: ETH
Rank: 20/25
Findings: 2
Award: $256.72
Selected for report: 2
Solo Findings: 0
p4st13r4
Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met. Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc...
Many `require` calls contain long revert strings, e.g.: https://github.com/code-423n4/2021-12-yetifinance/blob/main/packages/contracts/contracts/ActivePool.sol#L225
Editor
#0 - kingyetifinance
2022-01-06T08:47:46Z
Duplicate #66
26.3494 USDC - $26.35
p4st13r4
`sYETIToken.sol` has a useless require in `mint` function:
require(msg.sender != address(0), "Zero address");
Editor
Remove it to save on gas
#0 - kingyetifinance
2022-01-06T08:47:22Z
@LilYeti Duplicate #103
26.3494 USDC - $26.35
p4st13r4
`WJLP.sol` has some leftover hardhat's `console.log` calls in it. They have to be removed before deploying to mainnet
Editor
Remove `console.log` invocations
#0 - kingyetifinance
2022-01-05T08:33:52Z
@LilYeti: Duplicate with #106
Selected for report: p4st13r4
97.5905 USDC - $97.59
p4st13r4
In `WJLP.sol`, state variables `JLP` and `JOE` are initialized in the constructor and never reassigned again. Thus, they can be declared `immutable` rather than `constant` in order to save gas
Editor
#0 - kingyetifinance
2022-01-06T08:49:31Z
@LilYeti: Again similar to #10 and #148 and #132 but different variables
p4st13r4
Contracts in the root directory use `pragma solidity 0.6.11;`, while contracts in `AssetWrappers` folder use `pragma solidity 0.8.7;`. It's a good practice to stick with a single, fixed compiler version among a single codebase. Solidity ^0.8.0 offers improvements over older versions, such as safe math operations (and possibly at a lower gas cost than the `SafeMath` equivalent)
Editor
Upgrade all the contracts to a version of solidity ^0.8.0
#0 - kingyetifinance
2022-01-05T08:32:54Z
@LilYeti: Duplicate with #21
#1 - alcueca
2022-01-15T07:03:56Z
Taking as main
#2 - alcueca
2022-01-15T16:04:16Z
Low severity, as the risk of using an outdated compiler goes beyond just code style or off-chain issues.
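A pre-deployment source check covering three of the findings above (revert strings longer than 32 bytes, leftover hardhat console calls, mixed `pragma solidity` versions). This is an added example, not part of the contest submissions or the audited code base; the two sample contracts and all function names are constructed for illustration.

```python
import re

# Constructed sample sources (not taken from the audited repository).
SAMPLES = {
    "Root.sol": '''pragma solidity 0.6.11;
contract Root {
    function f(uint x) external {
        require(x > 0, "Root: amount must be strictly greater than zero");
        require(x < 10, "too big");
    }
}
''',
    "Wrapped.sol": '''pragma solidity 0.8.7;
import "hardhat/console.sol";
contract Wrapped {
    function g() external { console.log("debug"); }
}
''',
}

# Last string literal of a require(...)/revert(...) statement.
REVERT_STR = re.compile(
    r'\b(?:require|revert)\s*\([^;]*?"((?:[^"\\]|\\.)*)"\s*\)\s*;', re.S)
PRAGMA = re.compile(r'^\s*pragma\s+solidity\s+([^;]+);', re.M)
CONSOLE = re.compile(r'\bconsole\.log\w*\s*\(|hardhat/console\.sol')

def line_of(src, pos):
    return src.count("\n", 0, pos) + 1

def scan(sources):
    """Return (file, line, message) tuples; line 0 marks a project-wide finding."""
    findings, pragmas = [], {}
    for name, src in sources.items():
        for m in REVERT_STR.finditer(src):
            # Simplification: escapes are counted as written in the source.
            size = len(m.group(1).encode("utf-8"))
            if size > 32:
                findings.append((name, line_of(src, m.start()),
                                 f"revert string is {size} bytes (> 32)"))
        for m in CONSOLE.finditer(src):
            findings.append((name, line_of(src, m.start()), "hardhat console leftover"))
        for m in PRAGMA.finditer(src):
            pragmas.setdefault(m.group(1).strip(), []).append(name)
    if len(pragmas) > 1:
        findings.append(("*", 0, "mixed compiler versions: " + ", ".join(sorted(pragmas))))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(*f, sep=": ")
```

The scanner is regex-based, so it does not see strings built across multiple statements or custom errors; treat a clean result as a first pass before a compiler-based linter.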