Platform: Code4rena
Start Date: 11/05/2022
Pot Size: $150,000 USDC
Total HM: 23
Participants: 93
Period: 14 days
Judge: LSDan
Total Solo HM: 18
Id: 123
League: ETH
Rank: 85/93
Findings: 1
Award: $83.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, BowTiedWardens, CertoraInc, DavidGialdi, FSchmoede, Fitraldys, Funen, GimelSec, Hawkeye, JC, Kaiziron, Kthere, MaratCerby, MiloTruck, NoamYakov, QuantumBrief, Randyyy, Ruhum, SmartSek, SooYa, Tadashi, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, antonttc, asutorufos, bobirichman, c3phas, catchup, csanuragjain, cthulhu_cult, defsec, delfin454000, ellahi, fatherOfBlocks, hansfriese, hyh, jayjonah8, joestakey, kenta, marcopaladin, mics, minhquanym, orion, oyc_109, reassor, rfa, robee, sach1r0, samruna, sashik_eth, sikorico, simon135, unforgiven, z3s, zmj
83.5222 USDC - $83.52
##gas
Title: Unnecessary math operation and SLOAD in mint()
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L101
minterMinted is a variable which is set to 0 when init() is called. The mint() function checks that totalSupply() != 0 at L67 (which means this function can only be called after init() was executed and set minterMinted = 0). So the subtraction at L101 is an unnecessary math operation and SLOAD.
I recommend removing the minterMinted var at L101.
Title: Do math operation directly
Occurrence: https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L52 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L104 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L111 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L115 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L117 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L109
Calling auraMath.function to do simple math (add, sub, mul, and div) is not an effective way. Using simple math operators (+, -, *, /) is way more efficient and increases the readability of the code.
Title: Initialization var with default value
Occurrences: https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L35 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L38-L39 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L72
Setting a storage variable to its default value (0 for uint) is gas consuming. Declaring it without a value can save gas.
Recommended mitigation step:
    uint pendingPenalty; //@audit-info: Remove = 0
Title: Using != operator instead of <
Occurrences: https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L68 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L121 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L139 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L210 https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L210
Using != to validate that a var is not zero is way more effective than using the < operator.
Title: Var can be set immutable
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L117-L118
_name and _symbol are set once in the constructor. Setting them immutable can save gas.
Title: Saving 1 storage slot in AuraLocker contract
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L114
Each storage slot in Solidity can store 32 bytes. An address takes 20 bytes and a bool takes 1 byte. Placing the bool next to an address can save 1 slot (instead of putting the bool next to a uint as in the current implementation). Change to:
    address public immutable cvxcrvStaking;
    bool public isShutdown = false; // @audit-info: Move isShutdown next to any address in the contract
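The slot arithmetic described above can be checked with a small model. This is an added example, not code from the report or from the Aura repository: it applies Solidity's packing rule for value types (variables fill a 32-byte slot in declaration order and start a new slot when they no longer fit), and skips immutable and constant variables, which are kept in bytecode and take no storage slot. The variable lists are constructed for illustration; only the names isShutdown and cvxcrvStaking come from the report.

```python
SLOT_BYTES = 32
# Byte widths of the Solidity value types used below.
TYPE_SIZES = {"bool": 1, "address": 20, "uint96": 12, "uint128": 16, "uint256": 32}


def layout(declarations):
    """Place state variables in declaration order, as solc does for value types.

    declarations: list of (name, type, kind); kind is "storage", "immutable"
    or "constant". Returns (placements, slots_used), where placements maps
    name -> (slot, byte_offset), or None for immutable/constant variables,
    which live in the contract bytecode and occupy no storage slot.
    """
    placements = {}
    slot, offset = 0, 0
    for name, typ, kind in declarations:
        if kind != "storage":
            placements[name] = None
            continue
        size = TYPE_SIZES[typ]
        if offset + size > SLOT_BYTES:  # does not fit: start the next slot
            slot, offset = slot + 1, 0
        placements[name] = (slot, offset)
        offset += size
    return placements, (slot + 1 if offset else slot)


# Constructed layouts (hypothetical variables, not AuraLocker's real ones).
BOOL_BETWEEN_UINTS = [
    ("queuedRewards", "uint256", "storage"),
    ("isShutdown", "bool", "storage"),
    ("totalLocked", "uint256", "storage"),
    ("rewardDistributor", "address", "storage"),
]
BOOL_AFTER_ADDRESS = [
    ("queuedRewards", "uint256", "storage"),
    ("totalLocked", "uint256", "storage"),
    ("rewardDistributor", "address", "storage"),
    ("isShutdown", "bool", "storage"),
]
BOOL_AFTER_IMMUTABLE = [
    ("queuedRewards", "uint256", "storage"),
    ("totalLocked", "uint256", "storage"),
    ("cvxcrvStaking", "address", "immutable"),
    ("isShutdown", "bool", "storage"),
]

if __name__ == "__main__":
    for decls in (BOOL_BETWEEN_UINTS, BOOL_AFTER_ADDRESS, BOOL_AFTER_IMMUTABLE):
        print(layout(decls))
```

In the third layout the bool still sits alone at the start of its own slot, because the neighbouring address is immutable and never reaches storage; the saving in the second layout comes only from sharing a slot with a storage address.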
Title: Using prefix increment and unchecked for i inside the for() loop
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L174
Using prefix increment and unchecked can save gas on each loop iteration. Change to:
    for (uint256 i = 0; i < rewardTokensLength;) {
        address token = rewardTokens[i];
        uint256 newRewardPerToken = _rewardPerToken(token);
        rewardData[token].rewardPerTokenStored = newRewardPerToken.to96();
        rewardData[token].lastUpdateTime = _lastTimeRewardApplicable(rewardData[token].periodFinish).to32();
        if (_account != address(0)) {
            userData[_account][token] = UserData({
                rewardPerTokenPaid: newRewardPerToken.to128(),
                rewards: _earned(_account, token, userBalance.locked).to128()
            });
        }
        unchecked{++i;}
    }
Title: Use only 1 SafeApprove call
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L239-L242
Doing two approve calls when we could just use one. Doing two safeApprove calls with value = 0 and then value = max doesn't seem to provide any extra feature.