Platform: Code4rena
Start Date: 14/09/2022
Pot Size: $50,000 USDC
Total HM: 25
Participants: 110
Period: 5 days
Judge: hickuphh3
Total Solo HM: 9
Id: 162
League: ETH
Rank: 67/110
Findings: 1
Award: $52.83
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, Deivitto, Diana, JAGADESH, KIntern_NA, Lambda, MiloTruck, R2, RaymondFam, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Samatak, Sm4rty, SnowMan, Tomio, Tomo, WilliamAmbrozic, _Adam, __141345__, ajtra, ak1, async, c3phas, ch0bu, cryptostellar5, d3e4, delfin454000, dharma09, djxploit, durianSausage, eierina, erictee, fatherOfBlocks, gianganhnguyen, gogo, ignacio, imare, jag, jonatascm, leosathya, lukris02, malinariy, oyc_109, pashov, pauliax, peanuts, peiw, prasantgupta52, robee, rokinot, rotcivegaf, rvierdiiev, seyni, simon135, slowmoses, sryysryy, tnevler, zishansami
52.8286 USDC - $52.83
Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met).
091: require((shares = previewDeposit(id, assets)) != 0, "ZERO_SHARES");
116: require(msg.sender == owner || isApprovedForAll(owner, receiver), "Only owner can withdraw, or owner has approved receiver for all");
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/oracles/PegOracle.sol
023: require(_oracle1 != address(0), "oracle1 cannot be the zero address");
024: require(_oracle2 != address(0), "oracle2 cannot be the zero address");
025: require(_oracle1 != _oracle2, "Cannot be same Oracle");
028: require((priceFeed1.decimals() == priceFeed2.decimals()), "Decimals must be the same");
098: require(price1 > 0, "Chainlink price <= 0");
099: require(answeredInRound1 >= roundID1, "RoundID from Oracle is outdated!");
103: require(timeStamp1 != 0, "Timestamp == 0 !");
121: require(price2 > 0, "Chainlink price <= 0");
122: require(answeredInRound2 >= roundID2, "RoundID from Oracle is outdated!");
126: require(timeStamp2 != 0, "Timestamp == 0 !");
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol
096: require(amount != 0, "Cannot stake 0");
119: require(amount > 0, "Cannot withdraw 0");
202: require(rewardRate <= balance.div(rewardsDuration), "Provided reward too high");
217: require(tokenAddress != address(stakingToken), "Cannot withdraw the staking token");
226: require(block.timestamp > periodFinish, "Previous rewards period must be complete before changing the duration for the new period");
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
165: require((shares = previewDeposit(id, assets)) != 0, "ZeroValue");
187: require(msg.value > 0, "ZeroValue");
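Added example, not code from the audited repository: the PegOracle constructor checks quoted above (lines 023-028), rewritten with custom errors. The error names, the IPriceFeed interface and the contract name are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors are available from 0.8.4

// Minimal feed interface (assumption: only decimals() is needed for these checks).
interface IPriceFeed {
    function decimals() external view returns (uint8);
}

// Hypothetical error names; they replace the revert strings cited in the report.
// A custom error is encoded as a 4-byte selector plus its arguments, so no
// string literal is stored in the bytecode or copied to memory on revert.
error ZeroAddress();
error SameOracle();
error DecimalsMismatch(uint8 decimals1, uint8 decimals2);

contract PegOracleChecks {
    IPriceFeed public immutable priceFeed1;
    IPriceFeed public immutable priceFeed2;

    constructor(address _oracle1, address _oracle2) {
        // Same conditions as the require() calls, expressed as if/revert.
        if (_oracle1 == address(0) || _oracle2 == address(0)) revert ZeroAddress();
        if (_oracle1 == _oracle2) revert SameOracle();

        IPriceFeed feed1 = IPriceFeed(_oracle1);
        IPriceFeed feed2 = IPriceFeed(_oracle2);

        // Error arguments keep the diagnostic detail a long string would carry.
        uint8 d1 = feed1.decimals();
        uint8 d2 = feed2.decimals();
        if (d1 != d2) revert DecimalsMismatch(d1, d2);

        priceFeed1 = feed1;
        priceFeed2 = feed2;
    }
}
```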
Reducing the size of error strings decreases deployment cost and runtime cost when the revert condition is met.
116: require( msg.sender == owner || isApprovedForAll(owner, receiver), "Only owner can withdraw, or owner has approved receiver for all" );
i++ is used instead of ++i, and an inline unchecked{++i} could be used
i++ costs 5 more gas per iteration than ++i, and the increment could be unchecked.
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
443: for (uint256 i = 0; i < epochsLength(); i++) {
Explicitly initializing a variable with its default value wastes gas.
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol
036: uint256 public periodFinish = 0;
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
443: for (uint256 i = 0; i < epochsLength(); i++) {
epochsLength() should be cached
epochsLength() is called twice per loop:
- when checking if the condition i < epochsLength() is true
- when checking if the condition i == epochsLength() - 1 is true
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
443: for (uint256 i = 0; i < epochsLength(); i++) {
445: if (i == epochsLength() - 1) {
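Added example, not code from the audited repository: the loop findings above (++i with unchecked, default-value initialization, cached epochsLength()) applied together to a loop of the shape cited at Vault.sol lines 443 and 445. The contract name, function names and loop body are assumptions, since the page quotes only those two lines.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

contract EpochLoopExample {
    uint256[] public epochs; // constructed storage for the example

    constructor(uint256[] memory _epochs) {
        epochs = _epochs;
    }

    function epochsLength() public view returns (uint256) {
        return epochs.length;
    }

    // Shape cited in the report: epochsLength() (a storage read) is evaluated
    // in the loop condition and again in the body, i is initialized to its
    // default value, and i++ runs with overflow checking.
    function nextEpochBefore(uint256 _epoch) external view returns (uint256) {
        for (uint256 i = 0; i < epochsLength(); i++) {
            if (epochs[i] == _epoch) {
                if (i == epochsLength() - 1) {
                    return 0;
                }
                return epochs[i + 1];
            }
        }
        return 0;
    }

    // Same result with the length read once and an unchecked pre-increment.
    function nextEpochAfter(uint256 _epoch) external view returns (uint256) {
        uint256 length = epochsLength(); // cached: one storage read in total
        for (uint256 i; i < length; ) {  // i defaults to 0
            if (epochs[i] == _epoch) {
                // i + 1 < length is equivalent to i != length - 1 here.
                return i + 1 < length ? epochs[i + 1] : 0;
            }
            unchecked {
                ++i; // cannot overflow: i < length <= type(uint256).max
            }
        }
        return 0;
    }
}
```

Caching is only safe when the loop body cannot change the array length; here both functions are view, so the length is fixed for the duration of the call.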
Using if(bool) or if(!bool) instead of if(bool == true) or if(bool == false) costs less gas.
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Controller.sol
093: if(vault.idExists(epochEnd) == false)
211: if(insrVault.idExists(epochEnd) == false || riskVault.idExists(epochEnd) == false)
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/RewardsFactory.sol
096: if(Vault(_insrToken).idExists(_epochEnd) == false || Vault(_riskToken).idExists(_epochEnd) == false)
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
096: if((block.timestamp < id) && idDepegged[id] == false)
215: if(msg.sender != owner && isApprovedForAll(owner, receiver) == false)
File : https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol
314: if(idExists[epochEnd] == true)
EMPTY variable is not consistently used and uses more gas
Using the variable EMPTY uses more deployment and runtime gas than hardcoding "".
And the variable is not always used (see below).
069: ) ERC1155("") {