Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 51/55
Findings: 1
Award: $69.51
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: GermanKuber
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xf15ers, 0xkatana, AlleyCat, CertoraInc, Dravee, Funen, GimelSec, IllIllI, JC, MaratCerby, WatchPug, Waze, defsec, delfin454000, ellahi, gzeon, hake, hansfriese, ilan, jonatascm, nahnah, oyc_109, peritoflores, rfa, robee, simon135, slywaters, sorrynotsorry
69.5108 USDC - $69.51
Initializing integers to zero consumes gas and is unnecessary. This is important as many of those functions are called inside a loop.
checkValidatorSignatures
In the function checkValidatorSignatures, at some part of your code you can revert just inside the loop to avoid calculating twice cumulativePower > _powerThreshold

                // Break early to avoid wasting gas
                if (cumulativePower > _powerThreshold) {
                    break;
                }
            }
        }
        // Check that there was enough power
        require(
            cumulativePower > _powerThreshold,
            "Submitted validator set signatures do not have enough power."
        );
        // Success
    }

Modify break for revert("Submitted validator set signatures do not have enough power.")
As you are using Solidity >= 0.8, it is not necessary to use SafeMath, so you can remove it.
Remove
import "@openzeppelin/contracts/math/SafeMath.sol";
using SafeMath for uint256;
Replace
[-] totalFee = totalFee.add(_fees[i]); #L455
[+] totalFee = totalFee + _fees[i];
The following line is repeated at #L349, 465, 585, 601, 621
[-] state_lastEventNonce = state_lastEventNonce.add(1);
[+] state_lastEventNonce++;
#0 - V-Staykov
2022-05-10T12:30:18Z
[G-02] is a good catch, but the solution is not right. When cumulativePower > _powerThreshold we expect the function to pass and not revert. The revert should only happen when the loop finishes and the cumulativePower still has not reached the threshold.
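
The objection in the comment above, as an added Solidity sketch that is not part of the report or of the Gravity contract: the three functions differ only in what happens when the threshold is crossed. The contract name, function names and the `hasValidSig` array are assumptions; `hasValidSig[i]` stands in for the signature verification the real function performs, and both arrays are assumed to have the same length.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration, not the audited contract. hasValidSig[i] is a
// hypothetical stand-in for "validator i supplied a valid signature";
// the real function verifies a signature at that point.
contract ThresholdCheckDemo {
    string constant ERR = "Submitted validator set signatures do not have enough power.";

    // Shape of the code under review: break on success, one require after the loop.
    function checkOriginal(uint256[] calldata powers, bool[] calldata hasValidSig, uint256 threshold) external pure {
        uint256 cumulativePower;
        for (uint256 i = 0; i < powers.length; i++) {
            if (!hasValidSig[i]) continue;
            cumulativePower += powers[i];
            if (cumulativePower > threshold) break;
        }
        require(cumulativePower > threshold, ERR);
    }

    // The report's change (break replaced by revert). It reverts exactly when the
    // threshold IS reached, and the require still rejects every other case, so no
    // input passes: a correctly signed validator set can never be accepted.
    function checkProposed(uint256[] calldata powers, bool[] calldata hasValidSig, uint256 threshold) external pure {
        uint256 cumulativePower;
        for (uint256 i = 0; i < powers.length; i++) {
            if (!hasValidSig[i]) continue;
            cumulativePower += powers[i];
            if (cumulativePower > threshold) revert(ERR);
        }
        require(cumulativePower > threshold, ERR);
    }

    // Same saving without changing behaviour: return as soon as the threshold is
    // crossed, and revert only if the loop finishes below it.
    function checkSingleComparison(uint256[] calldata powers, bool[] calldata hasValidSig, uint256 threshold) external pure {
        uint256 cumulativePower;
        for (uint256 i = 0; i < powers.length; i++) {
            if (!hasValidSig[i]) continue;
            cumulativePower += powers[i];
            if (cumulativePower > threshold) return;
        }
        revert(ERR);
    }
}
```

With powers `[40, 40, 20]`, all signatures valid and a threshold of 66, `checkOriginal` and `checkSingleComparison` succeed after the second validator while `checkProposed` reverts; with only the third signature valid, all three revert.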