Platform: Code4rena
Start Date: 14/09/2022
Pot Size: $50,000 USDC
Total HM: 25
Participants: 110
Period: 5 days
Judge: hickuphh3
Total Solo HM: 9
Id: 162
League: ETH
Rank: 99/110
Findings: 1
Award: $16.18
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pfapostol
Also found by: 0x040, 0x1f8b, 0x4non, 0xNazgul, 0xSmartContract, 0xc0ffEE, 0xkatana, Aymen0909, Bnke0x0, Deivitto, Diana, JAGADESH, KIntern_NA, Lambda, MiloTruck, R2, RaymondFam, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Saintcode_, Samatak, Sm4rty, SnowMan, Tomio, Tomo, WilliamAmbrozic, _Adam, __141345__, ajtra, ak1, async, c3phas, ch0bu, cryptostellar5, d3e4, delfin454000, dharma09, djxploit, durianSausage, eierina, erictee, fatherOfBlocks, gianganhnguyen, gogo, ignacio, imare, jag, jonatascm, leosathya, lukris02, malinariy, oyc_109, pashov, pauliax, peanuts, peiw, prasantgupta52, robee, rokinot, rotcivegaf, rvierdiiev, seyni, simon135, slowmoses, sryysryy, tnevler, zishansami
16.1756 USDC - $16.18
++I COSTS LESS GAS THAN I++, ESPECIALLY WHEN IT’S USED IN FOR-LOOPS (--I/I-- TOO)There is 1 instance of this issue
src/Vault.sol::443 => for (uint256 i = 0; i < epochsLength(); i++) {
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L443 Â Â
There is 1 instance of this issue
src/Vault.sol::443 => for (uint256 i = 0; i < epochsLength(); i++) {
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L443 Â Â
There are 4 instances of this issue
PegOracle.sol::98 => require(price1 > 0, "Chainlink price <= 0"); PegOracle.sol::121 => require(price2 > 0, "Chainlink price <= 0"); StakingRewards.sol::119 => require(amount > 0, "Cannot withdraw 0"); Vault.sol::187 => require(msg.value > 0, "ZeroValue");
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/oracles/PegOracle.sol#L98 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/oracles/PegOracle.sol#L121 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L187 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol#L119
 Â
There are 2 instances of this issue
Vault.sol::52 => Â Â mapping(uint256 => bool) public idDepegged; Vault.sol::54 => Â Â mapping(uint256 => bool) public idExists;
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L52 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L54 Â Â
ADDRESSÂ MAPPINGS CAN BE COMBINED INTO A SINGLEÂ MAPPINGÂ OF ANÂ ADDRESSÂ TO AÂ STRUCT, WHERE APPROPRIATEThere are 4 instances of this issue
rewards/StakingRewards.sol::43 =>Â Â mapping(address => uint256) public userRewardPerTokenPaid; rewards/StakingRewards.sol::44 =>Â Â mapping(address => uint256) public rewards; rewards/StakingRewards.sol::47 =>Â Â mapping(address => uint256) private _balances; VaultFactory.sol::121 =>Â Â mapping(address => address) public tokenToOracle;
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol#L43 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol#L44 https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/rewards/StakingRewards.sol#L47
 Â
PRIVATEÂ RATHER THANÂ PUBLICÂ FOR CONSTANTS, SAVES GASThere is 1 instance of this issue
Controller.sol::16 =>Â Â uint256 public constant VAULTS_LENGTH = 2;
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Controller.sol#L16