Platform: Code4rena
Start Date: 09/11/2021
Pot Size: $75,000 USDC
Total HM: 57
Participants: 27
Period: 7 days
Judge: alcueca
Total Solo HM: 49
Id: 52
League: ETH
Rank: 15/27
Findings: 2
Award: $752.83
π Selected for report: 9
π Solo Findings: 0
π Selected for report: ye0lde
ye0lde
Code clarity
"only callable by guardian" is incorrect https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L698
"less than {proposalMaxOperations}" to "less than or equal" https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L347
Struct member description out of order: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L68
Visual Studio Code, Remix
Correct the comments if the suggestions are valid.
π Selected for report: ye0lde
161.9075 USDC - $161.91
ye0lde
It's not clear what this function should allow to happen. The comment states: "the new maximum supply must be greater than the current one".
But the require statement only checks that the new maximum supply is >= totalSupply.
So the way the code is written now maximum supply can go up or down as long as its >= totalSupply.
And if that is correct then can maximum supply really be equal to totalSupply? The revert message is not really clear.
Visual Studio Code, Remix
Clarify the comment/revert message if the code is correct. Correct the code otherwise.
#0 - SamSteinGG
2021-11-25T12:17:42Z
The code is performing as intended, the wording of the comments can be confusing however this finding relates to comments and should not constitute a low risk finding.
#1 - alcueca
2021-12-11T07:30:47Z
Issues with comments are a severity 1.
π Selected for report: ye0lde
68.651 USDC - $68.65
ye0lde
Removing unused named return variables can reduce gas usage and improve code clarity.
Unused named returns https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L250 https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/tokens/vesting/LinearVesting.sol#L101
Used but not needed (replace with a return statement) https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/repo/vader-bond/contracts/Treasury.sol#L55-L57
Visual Studio Code, Remix
Remove the unused or unneeded named returns
9.0084 USDC - $9.01
ye0lde
Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met. Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
I can see that the sponsor is committed to verbose revert strings as almost every revert string is > 32 bytes but I wanted to at least mention this issue.
Almost every revert string in the project is > 32 bytes.
Visual Studio Code
Consider shortening the revert strings to fit in 32 bytes or using custom errors (v0.8.4 or greater) in the future.
π Selected for report: ye0lde
68.651 USDC - $68.65
ye0lde
Variables are being assigned their default value which is unnecessary. Removing the assignment will save gas when deploying.
Visual Studio Code, Remix
Remove the assignments.
Or if you feel it is important to show the default assignment will occur then replace the assignments with a comment.
30.893 USDC - $30.89
ye0lde
Using existing local variables instead of reading state variables will save gas by converting SLOADs to MLOADs.
delay_ can be used here: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/Timelock.sol#L150
pendingAdmin_ can be used here: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/Timelock.sol#L186
_paused can be used here: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/Pausable.sol#L30 https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/Pausable.sol#L35
_rewardsDuration can be used here: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/StakingRewards.sol#L172
Visual Studio Code, Remix
See Proof of Concept
π Selected for report: ye0lde
68.651 USDC - $68.65
ye0lde
In constructors and elsewhere a "pool" address is being passed as a parameter and it is checked for the zero address. This check is not needed if there is an immediate call to "transferOwnership" as it will revert on an attempt to transfer ownership to the zero address.
Removing the redundant check will save gas and improve code clarity.
Remove the require: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex-v2/synths/SynthFactory.sol#L13-L16 https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex-v2/wrapper/LPWrapper.sol#L13-L16
Remove one of the conditions in the require: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex/pool/VaderPoolFactory.sol#L103 https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/reserve/VaderReserve.sol#L69
Could also do it here but it is less clear: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/tokens/Vader.sol#L158
Visual Studio Code, Remix
Consider removing the zero address check. A comment could be added that "transferOwnership" reverts on a zero address.
π Selected for report: ye0lde
161.9075 USDC - $161.91
ye0lde
The proposal "feeAmount" variable is set in the constructor and elsewhere without any boundary checking. While the proposer has to approve the feeAmount before calling it may have been incorrectly set too low allowing griefing attacks, etc or set too high preventing legitimate proposals.
Initialized in Constructor: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L215
Visual Studio Code, Remix
Consider adding boundary checks on feeAmount here: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L215 https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/governance/GovernorAlpha.sol#L545
π Selected for report: ye0lde
Also found by: Meta0xNull, defsec, pants, pauliax
21.2455 USDC - $21.25
ye0lde
Open TODOs can point to architecture or programming issues that still need to be resolved.
The TODOs are here: https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/math/VaderMath.sol#L80 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/pool/BasePool.sol#L163 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/pool/VaderPool.sol#L85 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/pool/VaderPool.sol#L93 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/router/VaderRouter.sol#L303 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex/utils/GasThrottle.sol#L11
https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex-v2/pool/VaderPoolV2.sol#L157 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex-v2/pool/VaderPoolV2.sol#L209 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex-v2/pool/VaderPoolV2.sol#L265 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/contracts/dex-v2/pool/VaderPoolV2.sol#L400
https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/repo/vader-bond/contracts/VaderBond.sol#L299 https://github.com/code-423n4/2021-11-vader/blob/3a43059e33d549f03b021d6b417b7eeba66cf62e/repo/vader-bond/contracts/VaderBond.sol#L336
VS Code
Consider resolving the TODOs before deploying.
#0 - alcueca
2021-12-11T07:14:04Z
Issues with comments are severity 1