Yield Witch v2 contest - sashik_eth's results

Fixed-rate borrowing and lending on Ethereum

General Information

Platform: Code4rena

Start Date: 14/07/2022

Pot Size: $25,000 USDC

Total HM: 2

Participants: 63

Period: 3 days

Judge: PierrickGT

Total Solo HM: 1

Id: 147

League: ETH

Yield

Researcher Performance

Rank: 53/63

Findings: 1

Award: $16.99

🌟 Selected for report: 0

🚀 Solo Findings: 0

G01 - unchecked block can be used for gas efficiency in expressions that can't overflow/underflow

L332 could be unchecked since if overflow happens it would be reverted on L319:

contracts/Witch.sol:319 liquidatorCut + auctioneerCut,
...
contracts/Witch.sol:332 _collateralBought(vaultId, to, liquidatorCut + auctioneerCut, artIn); 

https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L332

Same here: https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L382


L598 could be unchecked since auctioneerCut will always be less than liquidatorCut, because auctioneerReward can't be greater than 1e18 (check on L162):

contracts/Witch.sol:597 auctioneerCut = liquidatorCut.wmul(auctioneerReward);
contracts/Witch.sol:598 liquidatorCut -= auctioneerCut; 

https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L598


L444 could be unchecked since if artIn < auction_.art it would revert on L438:

contracts/Witch.sol:438 auction_.art - artIn >= debt.min * (10**debt.dec),
...
contracts/Witch.sol:444 auction_.art -= artIn.u128();  

https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L444

G02 - Using custom error instead of require() string

Custom errors are available from Solidity version 0.8.4. They are cheaper than require/revert strings.

contracts/Witch.sol:84  require(param == "ladle", "Unrecognized"); 
contracts/Witch.sol:102 require(initialOffer <= 1e18, "InitialOffer above 100%"); 
contracts/Witch.sol:103 require(proportion <= 1e18, "Proportion above 100%"); 
contracts/Witch.sol:106 "InitialOffer below 1%" 
contracts/Witch.sol:108 require(proportion >= 0.01e18, "Proportion below 1%"); 
contracts/Witch.sol:189 require(cauldron.level(vaultId) < 0, "Not undercollateralized"); 
contracts/Witch.sol:200 require(limits_.sum <= limits_.max, "Collateral limit reached"); 
contracts/Witch.sol:255 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:256 require(cauldron.level(vaultId) >= 0, "Undercollateralized"); 
contracts/Witch.sol:300 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:313 require(liquidatorCut >= minInkOut, "Not enough bought"); 
contracts/Witch.sol:328 require(baseJoin != IJoin(address(0)), "Join not found"); 
contracts/Witch.sol:358 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:365 require(liquidatorCut >= minInkOut, "Not enough bought"); 
contracts/Witch.sol:395 require(ilkJoin != IJoin(address(0)), "Join not found"); 
contracts/Witch.sol:416 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:439 "Leaves dust" 
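
The L597-598 case from G01 combined with the custom-error pattern from G02, as an added example that is not code from Witch.sol: the unchecked subtraction is safe only because the setter bounds auctioneerReward at 1e18. The contract name, the error name, the split function and the local wmul helper (assumed to compute x * y / 1e18) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors require 0.8.4 or later

// Added illustration, not the project's code. All names are hypothetical.
contract CutSplitExample {
    // Custom error in place of a require() revert string (G02).
    error RewardAbove100Percent(uint256 reward);

    uint256 public auctioneerReward = 0.01e18; // constructed sample value (1%)

    // The bound enforced here is the invariant the unchecked block relies on.
    // Access control is omitted in this sketch.
    function setAuctioneerReward(uint256 reward) external {
        if (reward > 1e18) revert RewardAbove100Percent(reward);
        auctioneerReward = reward;
    }

    // Assumed 18-decimal fixed-point multiply: x * y / 1e18.
    // The multiplication stays checked and reverts on overflow.
    function wmul(uint256 x, uint256 y) internal pure returns (uint256) {
        return (x * y) / 1e18;
    }

    function split(uint256 liquidatorCut)
        external
        view
        returns (uint256 liquidatorShare, uint256 auctioneerCut)
    {
        auctioneerCut = wmul(liquidatorCut, auctioneerReward);
        // auctioneerReward <= 1e18 implies auctioneerCut <= liquidatorCut,
        // so this subtraction cannot underflow (G01).
        unchecked {
            liquidatorShare = liquidatorCut - auctioneerCut;
        }
    }
}
```

If the bound in the setter is ever loosened or bypassed, the unchecked subtraction wraps silently instead of reverting, so the check and the unchecked block should be reviewed together.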

G03 - Using >0 costs more gas than !=0 when used with uint in require statement

contracts/Witch.sol:255 require(auction_.start > 0, "Vault not under auction");
contracts/Witch.sol:300 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:358 require(auction_.start > 0, "Vault not under auction"); 
contracts/Witch.sol:416 require(auction_.start > 0, "Vault not under auction"); 