Paladin - Warden Pledges contest - shark's results

A governance lending protocol transforming users voting power into a new money lego.

General Information

Platform: Code4rena

Start Date: 27/10/2022

Pot Size: $33,500 USDC

Total HM: 8

Participants: 96

Period: 3 days

Judge: kirk-baird

Total Solo HM: 1

Id: 176

League: ETH

Researcher Performance

Rank: 44/96

Findings: 2

Award: $31.16

QA: grade-b

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Use delete to reset variables

The delete keyword better communicates the intention of what you are trying to do.

For example:

File: WardenPledge.sol Line 473

pledgeAvailableRewardAmounts[pledgeId] = 0;

The above could use the delete keyword like so:

delete pledgeAvailableRewardAmounts[pledgeId]; // resets to initial value, for uint256 that would be 0

Here are some more instances of this issue:

File: WardenPledge.sol Line 506

File: WardenPledge.sol Line 589

Typos

File: WardenPledge.sol: Lines Affected: 71, 292, 295-296, 339, 523, 539, 558, 568, 621-622, 650

// Correction: Change "protocal" to "protocol"
71: uint256 public protocalFeeRatio = 250;

// Correction: Change "taget" to "target" and "balacne" to "balance"
292: * @param targetVotes Maximum taget of votes to have (own balacne + delegation) for the receiver

// Correction: Change "ot" to "to"
295: * @param maxTotalRewardAmount Maximum total reward amount allowed ot be pulled by this contract

// Correction: Change "feeamount" to "fee amount" or "feeAmount" and "ot" to "to"
296: * @param maxFeeAmount Maximum feeamount allowed ot be pulled by this contract

// Correction: Change "reards" to "rewards"
339: // Add the total reards as available for the Pledge & write Pledge parameters in storage

// Correction: Change "Minmum" to "Minimum"
523: * @param minRewardPerSecond Minmum amount of reward per vote per second for the token
539: * @param minRewardsPerSecond Minmum amount of reward per vote per second for each token in the list
558: * @param minRewardPerSecond Minmum amount of reward per vote per second for the token
568: * @param minRewardPerSecond Minmum amount of reward per vote per second for the token

// Correction: Change "Platfrom" to "Platform"
621: * @notice Updates the Platfrom fees BPS ratio
622: * @dev Updates the Platfrom fees BPS ratio

// Correction: Change "tof" to "to" and "EC20" to "ERC20"
650: * @param token Address tof the EC2O token

Sanity checks on deployment

Zero address/value checks should be implemented at the constructor to avoid errors that can result in non-functional calls associated with them.

File: WardenPledge.sol Line 131-143

Consider adding these zero address/value checks at the start of the constructor:

if (_votingEscrow == address(0) || _delegationBoost == address(0) || _chestAddress == address(0)) revert Errors.ZeroAddress();
if (_minTargetVotes == 0) revert Errors.InvalidValue();

#0 - c4-judge

2022-11-12T00:28:54Z

kirk-baird marked the issue as grade-b

> costs less gas than >= (same for <, <=)

The reason > and < cost less gas is because in the EVM, there is no opcode for >= or <=.

Here is an example:

File: WardenPledge.sol Line 223

if(pledgeId >= pledgesIndex()) revert Errors.InvalidPledgeID();

The above could be replaced with the following:

if(pledgeId > pledgesIndex() - 1) revert Errors.InvalidPledgeID();

Here are some more examples of this issue:

File: WardenPledge.sol Line 229

File: WardenPledge.sol Line 374

File: WardenPledge.sol Line 420

File: WardenPledge.sol Line 457

x += y costs more gas than x = x + y

Here is an example:

File: WardenPledge.sol Line 340

pledgeAvailableRewardAmounts[vars.newPledgeID] += vars.totalRewardAmount;

The above should be changed to:

pledgeAvailableRewardAmounts[vars.newPledgeID] = pledgeAvailableRewardAmounts[vars.newPledgeID] + vars.totalRewardAmount;

Here are the rest of the instances:

File: WardenPledge.sol Line 268

File: WardenPledge.sol Line 401

File: WardenPledge.sol Line 445

Function Order Affects Gas Consumption

The order of the functions will have an impact on gas consumption. The reason that this is the case is because in smart contracts, there's a difference in the order of the functions. Each position will use up an extra 22 gas. The order is dependent on the Method ID.

For more info: https://medium.com/joyso/solidity-how-does-function-name-affect-gas-consumption-in-smart-contract-47d270d8ac92

Unused event

The event IncreasePledgeTargetVotes() is not emitting anything in WardenPledge.sol. Consider either removing it from the contract or making use of it.

File: WardenPledge.sol Line 96

#0 - c4-judge

2022-11-12T00:32:25Z

kirk-baird marked the issue as grade-b
