Platform: Code4rena
Start Date: 07/04/2022
Pot Size: $100,000 USDC
Total HM: 20
Participants: 62
Period: 7 days
Judge: LSDan
Total Solo HM: 11
Id: 107
League: ETH
Rank: 55/62
Findings: 1
Award: $82.45
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Dravee
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, Cityscape, Cr4ckM3, FSchmoede, Foundation, Funen, Hawkeye, IllIllI, JMukesh, Meta0xNull, PPrieditis, Picodes, TerrierLover, Tomio, WatchPug, berndartmueller, catchup, delfin454000, dirk_y, ellahi, hickuphh3, ilan, kebabsec, kenta, nahnah, rayn, rfa, robee, rokinot, saian, securerodd, slywaters, sorrynotsorry
82.4497 USDC - $82.45
NFTEscrow.sol
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/escrow/NFTEscrow.sol#L91
Utilizing keccak256 over sha256 for your salt will significantly decrease gas usage.
LPFarming.sol
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L256
This function is somewhat redundant and can be removed for more efficient gas, although you might want to keep it due to a slightly improved readability.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L348
Use ++i instead of i++ in for loops.
StrategyPUSDConvex.sol
Use ++i instead of i++ in for loops.
Based on the logic of the function and the @notice above it, it's unlikely an hypotethical circumstance would require the controller to know which strategy token IERC20 was sent here. With this in mind, these five require functions can be condensed into a single requirement, which consumes less gas. An example of a possible substition is given below:
require(want != _asset && pusd != _asset && usdc != _asset && weth != _asset && jpeg != _asset, "strategy_token");
Controller.sol
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/yVault/Controller.sol#L69
approveStrategy and revokeStrategy are the only functions allowed to modify the state of approvedStrategies[_token][_strategy]. Keep in mind that state variables, mappings included, are all initialized as 0 in solidity by default, which means all mappings will default to false.
You can save gas by removing both require functions from revokeStrategy, since address(0) will never pass as an approved strategy.
In other words, it's not necessary to check if the token or the address is valid to revoke the strategy, since only valid tokens and addresses will be set to true anyway.
NFTVault.sol
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/NFTVault.sol#L181
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/NFTVault.sol#L184
Use ++i and ++j consecutively for loops.