Platform: Code4rena
Start Date: 14/07/2022
Pot Size: $25,000 USDC
Total HM: 2
Participants: 63
Period: 3 days
Judge: PierrickGT
Total Solo HM: 1
Id: 147
League: ETH
Rank: 49/63
Findings: 1
Award: $17.37
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, Aymen0909, Chom, Deivitto, ElKu, JC, JohnSmith, Kaiziron, Limbooo, MadWookie, Meera, ReyAdmirado, Rohan16, Sm4rty, SooYa, TomJ, Trumpero, Waze, __141345__, ajtra, ak1, antonttc, bulej93, c3phas, cRat1st0s, csanuragjain, defsec, durianSausage, fatherOfBlocks, gogo, hake, hickuphh3, ignacio, joestakey, karanctf, kyteg, m_Rassska, pashov, rajatbeladiya, rbserver, robee, rokinot, samruna, sashik_eth, simon135, tofunmi
17.3658 USDC - $17.37
Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., `revert("Insufficient funds.");`), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them.
Code: https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L84 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L102-108 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L189 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L200 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L255-256 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L300 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L313 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L328 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L358 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L365 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L395 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L416 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L437
Mitigation: Define a custom error `ERROR()` and replace each `require` with `if (a != b) revert ERROR();`
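The pattern described above, as an added example that is not code from Witch.sol or from the original report: the contract `VaultExample`, its functions and its error names are hypothetical, chosen to show the same check written with a revert string and with a custom error that carries dynamic values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Hypothetical contract for illustration only; names and checks are
/// assumptions and are not taken from Witch.sol.
contract VaultExample {
    // A custom error is encoded as a 4-byte selector plus ABI-encoded
    // arguments, so no reason string is stored in the deployed bytecode.
    error InsufficientFunds(uint256 requested, uint256 available);
    error TransferFailed(address to, uint256 amount);

    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Before: the reason string is embedded in the bytecode and cannot
    // report the values that caused the failure.
    function withdrawWithString(uint256 amount) external {
        require(balances[msg.sender] >= amount, "Insufficient funds.");
        balances[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Transfer failed.");
    }

    // After: the same checks with custom errors. The revert data now tells
    // the caller how much was requested and how much was available.
    function withdrawWithError(uint256 amount) external {
        uint256 available = balances[msg.sender];
        if (available < amount) revert InsufficientFunds(amount, available);

        // State is updated before the external call (checks-effects-interactions).
        balances[msg.sender] = available - amount;

        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert TransferFailed(msg.sender, amount);
    }
}
```

Off-chain tooling that decodes revert data needs the contract ABI to display the error name and arguments, so monitoring and front-end code should be updated together with the contract.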
Code: https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L255-256 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L300 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L358 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L393-398 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L416
The above variable can be defined as constant or immutable to reduce gas consumption.
Code: https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L102-108 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L162-163 https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L587-591
In the above code, a hard-coded numeric value (1e18) is used. It's better to define a global immutable constant and reference it in the code. This improves code readability and saves gas.
Code: https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L254
In the above code, the storage variable `auction_` can be deleted if the next 2 `require()` statements fail. This will save some unused gas.