Platform: Code4rena
Start Date: 21/12/2021
Pot Size: $30,000 USDC
Total HM: 20
Participants: 20
Period: 5 days
Judge: Jack the Pug
Total Solo HM: 13
Id: 70
League: ETH
Rank: 8/20
Findings: 3
Award: $498.69
🌟 Selected for report: 6
🚀 Solo Findings: 0
🌟 Selected for report: TomFrenchBlockchain
116.4719 USDC - $116.47
robee
Missing slipage protection may lead to losing assets while swapping them. Without slipage protection the swapper is allowed to give much less worth of target tokens than it should in a fair swap. to Missing slippage protection at:
no slippage protection at _swap at VaderRouter.sol at line 325 no slippage protection at _swap at VaderRouter.sol at line 341 no slippage protection at _swap at VaderRouterV2.sol at line 322
#0 - jack-the-pug
2022-03-13T06:31:19Z
Dup #2
26.2062 USDC - $26.21
robee
A malicious attacker that is also a protocol owner can push unlimitedly to an array, that some function loop over this array. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit. This is a Med Risk issue since it can lead to DoS with a reasonable chance of having untrusted owner or even an owner that did a mistake in good faith.
LiquidityBasedTWAP.sol (L121): Unbounded loop on the array vaderPairs that can be publicly pushed by ['setupVader', 'addVaderPair', '_addVaderPair'] and can't be pulled LiquidityBasedTWAP.sol (L196): Unbounded loop on the array vaderPairs that can be publicly pushed by ['setupVader', 'addVaderPair', '_addVaderPair'] and can't be pulled LiquidityBasedTWAP.sol (L324): Unbounded loop on the array usdvPairs that can be publicly pushed by ['setupUSDV', 'addUSDVPair', '_addUSDVPair'] and can't be pulled LiquidityBasedTWAP.sol (L390): Unbounded loop on the array usdvPairs that can be publicly pushed by ['setupUSDV', 'addUSDVPair', '_addUSDVPair'] and can't be pulled
#0 - jack-the-pug
2022-03-13T11:31:28Z
Dup #110
15.5017 USDC - $15.50
robee
Reading a storage variable is gas costly (SLOAD). In cases of multiple read of a storage variable in the same scope, caching the first read (i.e saving as a local variable) can save gas and decrease the overall gas uses. The following is a list of functions and the storage variables that you read twice:
VaderPoolV2.sol Variable wrapper is read 2 times in the function: initialize VaderPoolV2.sol Variable queueActive is read 2 times in the function: setQueue UniswapV2ERC20.sol Variable totalSupply is read 2 times in the function: _mint UniswapV2ERC20.sol Variable totalSupply is read 2 times in the function: _burn UniswapV2Pair.sol Variable MINIMUM_LIQUIDITY is read 2 times in the function: mint MockUniswapV2Factory.sol Variable feeToSetter is read 2 times in the function: setFeeToSetter MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapExactTokensForTokens MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapTokensForExactTokens MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapExactETHForTokens MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapTokensForExactETH MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapExactTokensForETH MockUniswapV2Router.sol Variable factory is read 2 times in the function: swapETHForExactTokens Owned.sol Variable nominatedOwner is read 3 times in the function: acceptOwnership StakingRewards.sol Variable rewardRate is read 2 times in the function: notifyRewardAmount StakingRewards.sol Variable rewardsDuration is read 3 times in the function: notifyRewardAmount Converter.sol Variable vesting is read 2 times in the function: setVesting Vader.sol Variable converter is read 2 times in the function: setComponents Vader.sol Variable usdv is read 2 times in the function: setUSDV Ownable.sol Variable nominatedOwner is read 3 times in the function: acceptOwnership VaderBond.sol Variable totalDebt is read 2 times in the function: deposit VaderBond.sol Variable treasury is read 2 times in the function: setTreasury
🌟 Selected for report: pauliax
Also found by: Dravee, Jujic, Meta0xNull, robee
7.5338 USDC - $7.53
robee
The following require messages are of length more than 32 and we think are short enough to short them into exactly 32 characters such that it will be placed in one slot of memory and the require function will cost less gas. The list:
Solidity file: BasePool.sol, In line 218, Require message length to shorten: 35, The message: BasePool::burn: Incorrect Ownership Solidity file: BasePool.sol, In line 399, Require message length to shorten: 35, The message: BasePool::_update: Balance Overflow Solidity file: VaderRouter.sol, In line 196, Require message length to shorten: 38, The message: UniswapV2Router: INSUFFICIENT_A_AMOUNT Solidity file: VaderRouter.sol, In line 200, Require message length to shorten: 38, The message: UniswapV2Router: INSUFFICIENT_B_AMOUNT Solidity file: BasePoolV2.sol, In line 208, Require message length to shorten: 37, The message: BasePoolV2::burn: Incorrect Ownership Solidity file: BasePoolV2.sol, In line 299, Require message length to shorten: 39, The message: BasePoolV2::doubleSwap: Swap Impossible Solidity file: BasePoolV2.sol, In line 330, Require message length to shorten: 39, The message: BasePoolV2::doubleSwap: Swap Impossible Solidity file: BasePoolV2.sol, In line 552, Require message length to shorten: 37, The message: BasePoolV2::_update: Balance Overflow Solidity file: VaderPoolV2.sol, In line 213, Require message length to shorten: 40, The message: VaderPoolV2::burnSynth: Inexistent Synth Solidity file: VaderRouterV2.sol, In line 217, Require message length to shorten: 36, The message: VaderRouterV2: INSUFFICIENT_A_AMOUNT Solidity file: VaderRouterV2.sol, In line 218, Require message length to shorten: 36, The message: VaderRouterV2: INSUFFICIENT_B_AMOUNT Solidity file: LPWrapper.sol, In line 12, Require message length to shorten: 40, The message: LPWrapper::constructor: Misconfiguration Solidity file: BitMath.sol, In line 8, Require message length to shorten: 33, The message: BitMath::mostSignificantBit: zero Solidity file: BitMath.sol, In line 45, Require message length to shorten: 34, The message: BitMath::leastSignificantBit: zero Solidity file: FixedPoint.sol, In line 97, Require message length to shorten: 33, The message: FixedPoint::muluq: upper overflow Solidity file: FixedPoint.sol, In line 120, Require message length to shorten: 35, The message: FixedPoint::divuq: division by zero Solidity file: FixedPoint.sol, In line 142, Require message length to shorten: 38, The message: FixedPoint::fraction: division by zero Solidity file: UniswapV2Library.sol, In line 18, Require message length to shorten: 37, The message: UniswapV2Library: IDENTICAL_ADDRESSES Solidity file: UniswapV2Library.sol, In line 71, Require message length to shorten: 37, The message: UniswapV2Library: INSUFFICIENT_AMOUNT Solidity file: UniswapV2Library.sol, In line 72, Require message length to shorten: 40, The message: UniswapV2Library: INSUFFICIENT_LIQUIDITY Solidity file: UniswapV2Library.sol, In line 86, Require message length to shorten: 40, The message: UniswapV2Library: INSUFFICIENT_LIQUIDITY Solidity file: UniswapV2Library.sol, In line 103, Require message length to shorten: 40, The message: UniswapV2Library: INSUFFICIENT_LIQUIDITY Solidity file: UniswapV2Pair.sol, In line 154, Require message length to shorten: 40, The message: UniswapV2: INSUFFICIENT_LIQUIDITY_MINTED Solidity file: UniswapV2Pair.sol, In line 179, Require message length to shorten: 40, The message: UniswapV2: INSUFFICIENT_LIQUIDITY_BURNED Solidity file: UniswapV2Pair.sol, In line 201, Require message length to shorten: 37, The message: UniswapV2: INSUFFICIENT_OUTPUT_AMOUNT Solidity file: UniswapV2Pair.sol, In line 206, Require message length to shorten: 33, The message: UniswapV2: INSUFFICIENT_LIQUIDITY Solidity file: UniswapV2Pair.sol, In line 236, Require message length to shorten: 36, The message: UniswapV2: INSUFFICIENT_INPUT_AMOUNT Solidity file: LiquidityBasedTWAP.sol, In line 39, Require message length to shorten: 34, The message: LBTWAP::construction: Zero Address Solidity file: LiquidityBasedTWAP.sol, In line 227, Require message length to shorten: 39, The message: LBTWAP::setupVader: Already Initialized Solidity file: LiquidityBasedTWAP.sol, In line 261, Require message length to shorten: 36, The message: LBTWAP::addVaderPair: Non-USD Oracle Solidity file: LiquidityBasedTWAP.sol, In line 273, Require message length to shorten: 38, The message: LBTWAP::addVaderPair: Unsupported Pair Solidity file: LiquidityBasedTWAP.sol, In line 421, Require message length to shorten: 38, The message: LBTWAP::setupUSDV: Already Initialized Solidity file: LiquidityBasedTWAP.sol, In line 437, Require message length to shorten: 39, The message: LBTWAP::addUSDVPair: USDV Uninitialized Solidity file: LiquidityBasedTWAP.sol, In line 455, Require message length to shorten: 35, The message: LBTWAP::addUSDVPair: Non-USD Oracle Solidity file: MockUniswapV2Router.sol, In line 176, Require message length to shorten: 38, The message: UniswapV2Router: INSUFFICIENT_A_AMOUNT Solidity file: MockUniswapV2Router.sol, In line 180, Require message length to shorten: 38, The message: UniswapV2Router: INSUFFICIENT_B_AMOUNT Solidity file: MockUniswapV2Router.sol, In line 410, Require message length to shorten: 39, The message: UniswapV2Router: EXCESSIVE_INPUT_AMOUNT Solidity file: MockUniswapV2Router.sol, In line 467, Require message length to shorten: 39, The message: UniswapV2Router: EXCESSIVE_INPUT_AMOUNT Solidity file: MockUniswapV2Router.sol, In line 527, Require message length to shorten: 39, The message: UniswapV2Router: EXCESSIVE_INPUT_AMOUNT Solidity file: StakingRewards.sol, In line 168, Require message length to shorten: 33, The message: Cannot withdraw the staking token Solidity file: Converter.sol, In line 66, Require message length to shorten: 40, The message: Converter::constructor: Misconfiguration Solidity file: Converter.sol, In line 131, Require message length to shorten: 38, The message: Converter::convert: Vesting is not set Solidity file: USDV.sol, In line 172, Require message length to shorten: 40, The message: USDV::initialize: Improper Configuration Solidity file: USDV.sol, In line 199, Require message length to shorten: 38, The message: USDV::setLock: Insufficient Privileges Solidity file: Vader.sol, In line 107, Require message length to shorten: 33, The message: Vader::setComponents: Already Set Solidity file: Vader.sol, In line 137, Require message length to shorten: 36, The message: Vader::setUSDV: Invalid USDV address Solidity file: LinearVesting.sol, In line 115, Require message length to shorten: 37, The message: LinearVesting::claim: Not Started Yet Solidity file: LinearVesting.sol, In line 127, Require message length to shorten: 38, The message: LinearVesting::claim: Nothing to claim Solidity file: LinearVesting.sol, In line 221, Require message length to shorten: 40, The message: LinearVesting::vestFor: Already a vester Solidity file: FixedPoint.sol, In line 30, Require message length to shorten: 38, The message: FixedPoint::fraction: division by zero
#0 - jack-the-pug
2022-03-12T14:43:18Z
Dup #188
15.5017 USDC - $15.50
robee
Storage double reading. Could save SLOAD GAS Reading a storage variable is gas costly (SLOAD). In cases of multiple read of a storage variable in the same scope, caching the first read (i.e saving as a local variable) can save gas and decrease the overall gas uses. The following is a list of functions and the storage variables that you read twice:
VaderPoolFactory.sol: nativeAsset is read twice in createPool VaderRouter.sol: factory.getPool is read twice in _swap VaderRouter.sol: factory.getPool is read twice in calculateInGivenOut VaderRouter.sol: factory.getPool is read twice in calculateOutGivenIn VaderRouterV2.sol: pool.supported is read twice in addLiquidity VaderRouterV2.sol: nativeAsset is read twice in addLiquidity FixedPoint.sol: RESOLUTION is read twice in muluq FixedPoint.sol: Q112 is read twice in divuq FixedPoint.sol: LOWER_MASK is read twice in muluq UniswapV2ERC20.sol: name is read twice in constructor UniswapV2Pair.sol: MINIMUM_LIQUIDITY is read twice in mint LiquidityBasedTWAP.sol: vader is read twice in getStaleVaderPrice LiquidityBasedTWAP.sol: vader is read twice in syncVaderPrice LiquidityBasedTWAP.sol: vader is read twice in _calculateVaderPrice LiquidityBasedTWAP.sol: vader is read twice in _addVaderPair LiquidityBasedTWAP.sol: vader is read twice in _updateUSDVPrice LiquidityBasedTWAP.sol: vader is read twice in _addUSDVPair MockUniswapV2Router.sol: factory is read twice in _addLiquidity MockUniswapV2Router.sol: factory is read twice in _swap MockUniswapV2Router.sol: factory is read twice in swapExactTokensForTokens MockUniswapV2Router.sol: factory is read twice in swapTokensForExactTokens MockUniswapV2Router.sol: factory is read twice in swapExactETHForTokens MockUniswapV2Router.sol: factory is read twice in swapTokensForExactETH MockUniswapV2Router.sol: factory is read twice in swapExactTokensForETH MockUniswapV2Router.sol: factory is read twice in swapETHForExactTokens MockUniswapV2Router.sol: factory is read twice in _swapSupportingFeeOnTransferTokens MockUniswapV2Router.sol: WETH is read twice in addLiquidityETH MockUniswapV2Router.sol: WETH is read twice in removeLiquidityETH MockUniswapV2Router.sol: WETH is read twice in removeLiquidityETHSupportingFeeOnTransferTokens MockUniswapV2Router.sol: WETH is read twice in swapExactETHForTokens MockUniswapV2Router.sol: WETH is read twice in swapTokensForExactETH MockUniswapV2Router.sol: WETH is read twice in swapExactTokensForETH MockUniswapV2Router.sol: WETH is read twice in swapETHForExactTokens MockUniswapV2Router.sol: WETH is read twice in swapExactETHForTokensSupportingFeeOnTransferTokens MockUniswapV2Router.sol: WETH is read twice in swapExactTokensForETHSupportingFeeOnTransferTokens Owned.sol: owner is read twice in acceptOwnership Owned.sol: owner is read twice in _onlyOwner Owned.sol: nominatedOwner is read twice in acceptOwnership StakingRewards.sol: periodFinish is read twice in lastTimeRewardApplicable StakingRewards.sol: rewardsDuration is read twice in notifyRewardAmount Converter.sol: vader is read twice in convert LinearVesting.sol: converter is read twice in _onlyConverter Ownable.sol: nominatedOwner is read twice in acceptOwnership VaderBond.sol: MAX_PERCENT_VESTED is read twice in redeem VaderBond.sol: MAX_PERCENT_VESTED is read twice in pendingPayoutFor VaderBond.sol: payoutToken.transfer is read twice in redeem VaderBond.sol: principalToken is read twice in deposit VaderBond.sol: totalDebt is read twice in debtDecay
#0 - jack-the-pug
2022-03-12T14:38:32Z
Dup #15
🌟 Selected for report: robee
57.4139 USDC - $57.41
robee
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks are available for free. The advantages of versions 0.8.* over <0.8.0 are: 1. Safemath by default from 0.8.0 (can be more gas efficient than library based safemath.) 2. Low level inliner : from 0.8.2, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For example, OpenZeppelin libraries typically have a lot of small helper functions and if they are not inlined, they cost an additional 20 to 40 gas because of 2 extra jump instructions and additional stack operations needed for function calls. 3. Optimizer improvements in packed structs: Before 0.8.3, storing packed structs, in some cases used an additional storage read operation. After EIP-2929, if the slot was already cold, this means unnecessary stack operations and extra deploy time costs. However, if the slot was already warm, this means additional cost of 100 gas alongside the same unnecessary stack operations and extra deploy time costs. 4. Custom errors from 0.8.4, leads to cheaper deploy time cost and run time cost. Note: the run time cost is only relevant when the revert condition is met. In short, replace revert strings by custom errors. IUniswapV2Callee.sol IUniswapV2Factory.sol IUniswapV2Router01.sol IUniswapV2Router02.sol IWETH.sol Migrations.sol IERC20Metadata.sol ITreasury.sol FixedPoint.sol FullMath.sol Ownable.sol Treasury.sol VaderBond.sol
15.5017 USDC - $15.50
robee
The following functions could be set external to save gas and improve code quality. External call cost is less expensive than of public functions.
The function name in BasePool.sol could be set external The function swap in BasePool.sol could be set external The function getReserves in BasePool.sol could be set external The function removeLiquidity in VaderRouter.sol could be set external The function addLiquidity in VaderRouter.sol could be set external The function cumulativePrices in VaderPoolV2.sol could be set external The function removeLiquidity in VaderRouterV2.sol could be set external The function addLiquidity in VaderRouterV2.sol could be set external The function balanceOf in LPToken.sol could be set external The function totalSupply in LPToken.sol could be set external The function getReserves in UniswapV2Pair.sol could be set external The function syncUSDVPrice in LiquidityBasedTWAP.sol could be set external The function syncVaderPrice in LiquidityBasedTWAP.sol could be set external The function getChainlinkPrice in LiquidityBasedTWAP.sol could be set external The function setCompleted in Migrations.sol could be set external The function CHAINID in MockGovernorAlpha.sol could be set external The function MINIMUM_DELAY in MockTimelock.sol could be set external The function GRACE_PERIOD in MockTimelock.sol could be set external The function MAXIMUM_DELAY in MockTimelock.sol could be set external The function decimals in MockToken.sol could be set external The function mint in MockToken.sol could be set external The function burn in MockToken.sol could be set external The function getAmountIn in MockUniswapV2Router.sol could be set external The function getAmountsIn in MockUniswapV2Router.sol could be set external The function getAmountOut in MockUniswapV2Router.sol could be set external The function getAmountsOut in MockUniswapV2Router.sol could be set external The function quote in MockUniswapV2Router.sol could be set external The function reserve in VaderReserve.sol could be set external The function withdraw in StakingRewards.sol could be set external The function earned in StakingRewards.sol could be set external The function lastTimeRewardApplicable in StakingRewards.sol could be set external The function getReward in StakingRewards.sol could be set external The function rewardPerToken in StakingRewards.sol could be set external The function maxPayout in VaderBond.sol could be set external The function debtDecay in VaderBond.sol could be set external The function currentDebt in VaderBond.sol could be set external The function percentVestedFor in VaderBond.sol could be set external The function debtRatio in VaderBond.sol could be set external The function payoutFor in VaderBond.sol could be set external The function bondPrice in VaderBond.sol could be set external
#0 - jack-the-pug
2022-03-12T14:46:49Z
Dup #175
🌟 Selected for report: robee
57.4139 USDC - $57.41
robee
In the following files there are contract imports that aren't used. Import of unnecessary files costs deployment gas (and is a bad coding practice that is important to ignore). The following is a full list of all unused imports, we went through the whole code to find it :) <solidity file> <line number> <actual import line>:
BasePool.sol, line 10, // import "../queue/SwapQueue.sol"; VaderRouterV2.sol, line 8, import "../../dex/math/VaderMath.sol"; ILPToken.sol, line 4, import "../../shared/IERC20Extended.sol"; USDV.sol, line 12, import "../interfaces/reserve/IVaderReserve.sol";
🌟 Selected for report: robee
57.4139 USDC - $57.41
robee
Unused state variables are gas consuming at deployment (since they are located in storage) and are a bad code practice. Removing those variables will decrease deployment gas cost and improve code quality. This is a full list of all the unused storage variables we found in your code base. The format is <solidity file>, <unused storage variable name>:
UniswapV2ERC20.sol, symbol UniswapV2ERC20.sol, decimals ProtocolConstants.sol, _ZERO_ADDRESS ProtocolConstants.sol, _MAX_BASIS_POINTS ProtocolConstants.sol, _INITIAL_VADER_SUPPLY ProtocolConstants.sol, _VETH_ALLOCATION ProtocolConstants.sol, _TEAM_ALLOCATION ProtocolConstants.sol, _ECOSYSTEM_GROWTH ProtocolConstants.sol, _GRANT_ALLOCATION ProtocolConstants.sol, _EMISSION_ERA ProtocolConstants.sol, _INITIAL_EMISSION_CURVE ProtocolConstants.sol, _MAX_FEE_BASIS_POINTS ProtocolConstants.sol, _VESTING_DURATION ProtocolConstants.sol, _VADER_VETHER_CONVERSION_RATE ProtocolConstants.sol, _BURN ProtocolConstants.sol, _MIN_SWAPS_EXECUTED ProtocolConstants.sol, _DEFAULT_SWAPS_EXECUTED ProtocolConstants.sol, _QUEUE_SIZE ProtocolConstants.sol, _FAST_GAS_ORACLE ProtocolConstants.sol, _GRANT_DELAY ProtocolConstants.sol, _MAX_GRANT_BASIS_POINTS FixedPoint.sol, Q224 FixedPoint.sol, LOWER_MASK
🌟 Selected for report: robee
57.4139 USDC - $57.41
robee
Use bytes32 instead of string to save gas whenever possible. String is a dynamic data structure and therefore is more gas consuming then bytes32. You could use bytes32 instead of string in the following places: List format: <solidity file> <line number> <actual code line>
UniswapV2ERC20.sol, 7, string public constant name = "Uniswap V2"; UniswapV2ERC20.sol, 8, string public constant symbol = "UNI-V2";
🌟 Selected for report: robee
Also found by: TomFrenchBlockchain, defsec
15.5017 USDC - $15.50
robee
In the following files there are state variables that could be set immutable to save gas. The list of format <solidity file>, <state variable name that could be immutable>:
factory in VaderRouter.sol pool in VaderRouterV2.sol DOMAIN_SEPARATOR in UniswapV2ERC20.sol factory in UniswapV2Pair.sol vader in LiquidityBasedTWAP.sol vaderPool in LiquidityBasedTWAP.sol token in MockAggregatorV3.sol mockPrice in MockAggregatorV3.sol timelock in MockTarget.sol factory in MockUniswapV2Router.sol WETH in MockUniswapV2Router.sol vader in VaderReserve.sol vader in USDV.sol vader in LinearVesting.sol converter in LinearVesting.sol vader in XVader.sol PAYOUT_TOKEN_DECIMALS in Treasury.sol payoutToken in Treasury.sol
15.5017 USDC - $15.50
robee
Prefix increments are cheaper than postfix increments.
Further more, using unchecked {++x} is even more gas efficient, and the gas saving accumulates every iteration and can make a real change
There is no risk of overflow caused by increamenting the iteration index in for loops (the ++i in for (uint256 i = 0; i < numIterations; ++i)).
But increments perform overflow checks that are not necessary in this case.
These functions use not using prefix increments (++x) or not using the unchecked keyword:
change to prefix increment and unchecked: UniswapV2Library.sol, i, 121 just change to unchecked: LiquidityBasedTWAP.sol, i, 56 just change to unchecked: LiquidityBasedTWAP.sol, i, 74 just change to unchecked: LiquidityBasedTWAP.sol, i, 126 just change to unchecked: LiquidityBasedTWAP.sol, i, 199 just change to unchecked: LiquidityBasedTWAP.sol, i, 329 just change to unchecked: LiquidityBasedTWAP.sol, i, 393 change to prefix increment and unchecked: MockUniswapV2Router.sol, i, 354 change to prefix increment and unchecked: MockUniswapV2Router.sol, i, 550 change to prefix increment and unchecked: USDV.sol, i, 152 just change to unchecked: LinearVesting.sol, i, 169
#0 - jack-the-pug
2022-03-12T14:51:54Z
Dup #123
25.8362 USDC - $25.84
robee
The following functions could be set private to save gas and improve code quality: calculateLiquidityUnits, VaderMath.sol calculateSlipAdjustment, VaderMath.sol calculateLoss, VaderMath.sol calculateSwap, VaderMath.sol calculateSwapReverse, VaderMath.sol delta, VaderMath.sol pow, VaderMath.sol root, VaderMath.sol _burn, BasePool.sol _update, BasePool.sol _insertQueue, SwapQueue.sol _executeQueue, SwapQueue.sol _burn, BasePoolV2.sol _mint, BasePoolV2.sol _update, BasePoolV2.sol _calculateName, Synth.sol _calculateSymbol, Synth.sol _combine, Synth.sol _calculateSymbol, LPToken.sol sqrt, Babylonian.sol mostSignificantBit, BitMath.sol leastSignificantBit, BitMath.sol encode, FixedPoint.sol encode144, FixedPoint.sol decode, FixedPoint.sol decode144, FixedPoint.sol mul, FixedPoint.sol muli, FixedPoint.sol muluq, FixedPoint.sol divuq, FixedPoint.sol fraction, FixedPoint.sol reciprocal, FixedPoint.sol sqrt, FixedPoint.sol fullMul, FullMath.sol mulDiv, FullMath.sol safeApprove, TransferHelper.sol safeTransfer, TransferHelper.sol safeTransferFrom, TransferHelper.sol safeTransferETH, TransferHelper.sol min, UniswapMath.sol sqrt, UniswapMath.sol sortTokens, UniswapV2Library.sol pairFor, UniswapV2Library.sol getReserves, UniswapV2Library.sol quote, UniswapV2Library.sol getAmountOut, UniswapV2Library.sol getAmountIn, UniswapV2Library.sol getAmountsOut, UniswapV2Library.sol getAmountsIn, UniswapV2Library.sol currentBlockTimestamp, UniswapV2OracleLibrary.sol currentCumulativePrices, UniswapV2OracleLibrary.sol encode, UQ112x112.sol uqdiv, UQ112x112.sol _mint, UniswapV2ERC20.sol _burn, UniswapV2ERC20.sol _updateVaderPrice, LiquidityBasedTWAP.sol _calculateVaderPrice, LiquidityBasedTWAP.sol _addVaderPair, LiquidityBasedTWAP.sol _updateUSDVPrice, LiquidityBasedTWAP.sol _calculateUSDVPrice, LiquidityBasedTWAP.sol _addUSDVPair, LiquidityBasedTWAP.sol _addLiquidity, MockUniswapV2Router.sol _swap, MockUniswapV2Router.sol _swapSupportingFeeOnTransferTokens, MockUniswapV2Router.sol getChainId, Converter.sol decode, FixedPoint.sol decode112with18, FixedPoint.sol fraction, FixedPoint.sol mulDiv, FullMath.sol
🌟 Selected for report: Dravee
Also found by: Meta0xNull, robee
15.5017 USDC - $15.50
robee
In for loops you initialize the index to start from 0, but it already initialized to 0 in default and this assignment cost gas. It is more clear and gas efficient to declare without assigning 0 and will have the same meaning:
USDV.sol, 152 LinearVesting.sol, 169
#0 - jack-the-pug
2022-03-13T11:34:33Z
Dup #126
15.5017 USDC - $15.50
robee
Caching the array length is more gas efficient.
This is because access to a local variable in solidity is more efficient than query storage / calldata / memory
We recommend to change from:
for (uint256 i=0; i<array.length; i++) { ... }
to:
uint len = array.length
for (uint256 i=0; i<len; i++) { ... }
These functions use not using prefix increments (++x) or not using the unchecked keyword:
USDV.sol, userLocks, 152 LinearVesting.sol, vesters, 169
#0 - jack-the-pug
2022-03-12T14:36:54Z
Dup #122