Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 24/58
Findings: 2
Award: $212.43
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xNazgul, 0xf15ers, BowTiedWardens, Chom, Funen, Kaiziron, Kumpa, MiloTruck, Picodes, Ruhum, SecureZeroX, Sm4rty, SmartSek, StyxRave, WatchPug, Waze, asutorufos, bardamu, berndartmueller, c3phas, catchup, cccz, codexploder, cryptphi, defsec, delfin454000, dipp, fatherOfBlocks, gzeon, hake, hansfriese, hyh, masterchief, oyc_109, sach1r0, sashik_eth, shenwilly, simon135, unforgiven
113.5243 USDC - $113.52
protocol/contracts/BkdLocker.sol:173 * @dev This does not invlude the gov. tokens queued for withdrawal. // typo - include protocol/contracts/tokenomics/FeeBurner.sol:29 event Burned(address targetLpToken, uint256 amountBurned); // Emmited after a successfull burn to target lp token // typo - successful protocol/contracts/tokenomics/FeeBurner.sol:84 // Transfering LP tokens back to sender // typo -Transferring
protocol/contracts/tokenomics/InflationManager.sol:532 //TOOD: See if this is still needed somewhere
Numbers like 100000000 could be set 100_000_000 for more readability:
uint256 private constant _CLIFF_SIZE = 100000 * 1e18; //new cliff every 100,000 tokens uint256 private constant _CLIFF_COUNT = 1000; // 1,000 cliffs uint256 private constant _MAX_SUPPLY = 100000000 * 1e18; //100 mil max supply
#0 - GalloDaSballo
2022-06-22T14:42:30Z
Agree with 1 and 2, personal preference on 3
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, Chom, Dravee, Fitraldys, Funen, Kaiziron, MiloTruck, Picodes, Randyyy, RoiEvenHaim, SecureZeroX, Sm4rty, SmartSek, StyxRave, Tadashi, Tomio, Waze, asutorufos, berndartmueller, c3phas, catchup, csanuragjain, defsec, delfin454000, djxploit, fatherOfBlocks, gzeon, hake, hansfriese, oyc_109, robee, sach1r0, sashik_eth, scaraven, simon135
98.9063 USDC - $98.91
> 0 is less gas efficient than != 0 with uint256 in require statement with optimizerprotocol/contracts/BkdLocker.sol:91 require(amount > 0, Error.INVALID_AMOUNT); protocol/contracts/BkdLocker.sol:92 require(totalLockedBoosted > 0, Error.NOT_ENOUGH_FUNDS); protocol/contracts/BkdLocker.sol:137 require(length > 0, "No entries"); protocol/contracts/tokenomics/AmmGauge.sol:104 require(amount > 0, Error.INVALID_AMOUNT); protocol/contracts/tokenomics/AmmGauge.sol:125 require(amount > 0, Error.INVALID_AMOUNT); protocol/contracts/tokenomics/KeeperGauge.sol:140 require(totalClaimable > 0, Error.ZERO_TRANSFER_NOT_ALLOWED); protocol/contracts/tokenomics/VestedEscrow.sol:84 require(unallocatedSupply > 0, "No reward tokens in contract");
Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met.
protocol/contracts/tokenomics/Minter.sol:152 "Maximum non-inflation amount exceeded."
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/tokenomics/Minter.sol#L152
unchecked block can be used for gas efficiency of the expression that can't overflow/underflowCheck comments
protocol/contracts/utils/CvxMintAmount.sol:21 uint256 currentCliff = cvxTotalSupply / _CLIFF_SIZE; // Could be unchecked since _CLIFF_SIZE is non-zero constant protocol/contracts/zaps/PoolMigrationZap.sol:22 for (uint256 i; i < newPools_.length; ++i) { // Increment in for loop can be unchecked, it would never overflow with type uint256 protocol/contracts/tokenomics/VestedEscrow.sol:155 uint256 elapsed = _time - startTime; // Could be unchecked due to check on L152 protocol/contracts/BkdLocker.sol:140 i = i - 1; // Could be unchecked due to check on L139 protocol/contracts/BkdLocker.sol:144 stashedWithdraws[i] = stashedWithdraws[stashedWithdraws.length - 1]; // Could be unchecked since length of stashedWithdraws decrease in sync with counter "i" and loop will end after length 1
Variables that are read multiple times in a code block can be cached and re-used instead of reading from storage to save gas.
protocol/contracts/StakerVault.sol:338 uint256 staked = IERC20(token).balanceOf(address(this)) - oldBal; // token 5 SLOADs
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/StakerVault.sol#L322-L349
protocol/contracts/StakerVault.sol:383 uint256 unstaked = oldBal.uncheckedSub(IERC20(token).balanceOf(address(this))); // token 4 SLOADs
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/StakerVault.sol#L359-L398
The following lines don't change the value of the variable since it's uint256:
protocol/contracts/tokenomics/InflationManager.sol:575 totalKeeperPoolWeight = totalKeeperPoolWeight > 0 ? totalKeeperPoolWeight : 0; protocol/contracts/tokenomics/InflationManager.sol:589 totalLpPoolWeight = totalLpPoolWeight > 0 ? totalLpPoolWeight : 0; protocol/contracts/tokenomics/InflationManager.sol:602 totalAmmTokenWeight = totalAmmTokenWeight > 0 ? totalAmmTokenWeight : 0;
#0 - GalloDaSballo
2022-06-18T21:49:32Z
7 * 3 = 21
6 gas saved
Saves 20 gas per instance 5 * 20 100
5 * 97 - 3 4 * 97 - 3
867
Saves 3 gas per instance 9
Total Gas Saved 1003