Platform: Code4rena
Start Date: 24/03/2023
Pot Size: $49,200 USDC
Total HM: 20
Participants: 246
Period: 6 days
Judge: Picodes
Total Solo HM: 1
Id: 226
League: ETH
Rank: 139/246
Findings: 2
Award: $23.92
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: brgltd
Also found by: 0x3b, 0xAgro, 0xGusMcCrae, 0xNorman, 0xRajkumar, 0xSmartContract, 0xTraub, 0xWagmi, 0xWaitress, 0xffchain, 0xhacksmithh, 0xkazim, 0xnev, 3dgeville, ArbitraryExecution, Aymen0909, BRONZEDISC, Bason, Bloqarl, BlueAlder, Brenzee, CodeFoxInc, CodingNameKiki, Cryptor, DadeKuma, DevABDee, Diana, Dug, Englave, Gde, Haipls, HollaDieWaldfee, Ignite, Infect3d, Jerry0x, Josiah, Kaysoft, Koko1912, KrisApostolov, Lavishq, LeoGold, Madalad, PNS, Rappie, RaymondFam, RedTiger, Rickard, Rolezn, Sathish9098, SunSec, T1MOH, UdarTeam, Udsen, Viktor_Cortess, Wander, adriro, ak1, alejandrocovrr, alexzoid, arialblack14, ayden, bin2chen, brevis, btk, c3phas, carlitox477, catellatech, ch0bu, chaduke, ck, climber2002, codeslide, descharre, dingo2077, ernestognw, fatherOfBlocks, favelanky, georgits, helios, hl_, inmarelibero, juancito, ks__xxxxx, lopotras, lukris02, m_Rassska, mahdirostami, maxper, nadin, navinavu, nemveer, p_crypt0, peanuts, pipoca, pixpi, qpzm, rbserver, reassor, roelio, rotcivegaf, scokaf, siddhpurakaran, slvDev, smaul, tnevler, tsvetanovv, turvy_fuzz, vagrant, wen, yac, zzzitron
13.1298 USDC - $13.13
SafEth.sol#L64 , SafEth.sol#L109
Change pausestaking & pauseunstaking in a single variable, and use it to pause both staking & unstaking.
Once something bad happens to the protocol you should pause all operation in a single function call.
Delete pausestaking & pauseunstaking and use pause and change pausestaking & pauseunstaking to pause all over the code base.
#0 - c4-sponsor
2023-04-10T21:08:31Z
toshiSat marked the issue as sponsor disputed
#1 - c4-judge
2023-04-24T18:41:35Z
Picodes marked the issue as grade-b
🌟 Selected for report: Rolezn
Also found by: 0x3b, 0xGordita, 0xSmartContract, 0xhacksmithh, 0xnev, 0xpanicError, 4lulz, Angry_Mustache_Man, ArbitraryExecution, Aymen0909, Bason, BlueAlder, EvanW, Franfran, HHK, Haipls, IgorZuk, JCN, KrisApostolov, Madalad, MiksuJak, MiniGlome, RaymondFam, ReyAdmirado, Rickard, Sathish9098, Udsen, adriro, alexzoid, anodaram, arialblack14, c3phas, carlitox477, ch0bu, chaduke, codeslide, d3e4, dicethedev, ernestognw, fatherOfBlocks, georgits, hunter_w3b, inmarelibero, lukris02, mahdirostami, maxper, pavankv, pixpi, rotcivegaf, smaul, tank, tnevler, wen, yac
10.7864 USDC - $10.79
SafEth.sol#L73 , SafEth.sol#L74 , SafEth.sol#L115 , SafEth.sol#L118
At Line 73 & 74 derivatives[i] value is fetched from storage and used directly in the for loop for 3 times that's mean 3 SLOAD call which is expensive as SLOAD cost minimum 100 Gas, instead we can store derivatives[i] value in a memory variable and use this value which will be MLOAD call and it's only cost 3 Gas.
To save Gas implement the code like below:
for (uint i = 0; i < derivativeCount; i++) IDerivative derivativeValue = derivatives[i]; underlyingValue += (derivativeValue.ethPerDerivative(derivativeValue.balance()) * derivativeValue.balance()) / 10 ** 18;
This same optimization can be applied similarly into Line 115 & 118.
balance() function two times which can be expensiveSafEth.sol#L73 , SafEth.sol#L74
At line 73 & 74 balance() function is called two times which will be costing more Gas as their is many internal & external function calls and that can be optimized by storing balance() function value in a memory variable and use it when it's required.
To save Gas implement the code like below:
for (uint i = 0; i < derivativeCount; i++) uint256 derivativeBalance = derivatives[i].balance(); underlyingValue += (derivatives[i].ethPerDerivative(derivativeBalance) * derivativeBalance) / 10 ** 18;
#0 - c4-sponsor
2023-04-10T20:45:29Z
elmutt marked the issue as sponsor confirmed
#1 - c4-judge
2023-04-23T19:12:17Z
Picodes marked the issue as grade-b