Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $100,000 USDC
Total HM: 18
Participants: 60
Period: 7 days
Judge: gzeon
Total Solo HM: 10
Id: 112
League: ETH
Rank: 32/60
Findings: 2
Award: $254.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x52, 0xDjango, 0xkatana, Dravee, Funen, Kenshin, Ruhum, StyxRave, Tadashi, TerrierLover, TrungOre, antonttc, berndartmueller, catchup, csanuragjain, defsec, dipp, fatherOfBlocks, hake, horsefacts, hubble, jayjonah8, joestakey, kebabsec, kenta, m4rio_eth, oyc_109, pauliax, peritoflores, rayn, remora, robee, securerodd, simon135, sorrynotsorry, sseefried, z3s
169.5152 USDC - $169.52
trucate to truncate:TopUpKeeperHelper.sol 156,36: * @param length The length to trucate the list of topups to.
prepraed to prepared:TopUpAction.sol 396,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. TopUpActionFeeHandler.sol 157,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 202,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. LiquidityPool.sol 185,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 214,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 243,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 272,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 304,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 352,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. InflationManager.sol 141,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 315,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. Vault.sol 218,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 270,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 293,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 317,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 348,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 373,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met. 398,53: * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met.
addres to address:737,25: * @dev Setting the addres to 0 means that the protocol will no longer be supported.
succuessful to successful:BkdTriHopCvx.sol 27,73: event SetHopImbalanceToleranceIn(uint256 value); // Emitted after a succuessful setting of hop imbalance tolerance in 28,74: event SetHopImbalanceToleranceOut(uint256 value); // Emitted after a succuessful setting of hop imbalance tolerance out ConvexStrategyBase.sol 65,68: event SetCommunityReserve(address reserve); // Emitted after a succuessful setting of reserve 66,74: event SetCrvCommunityReserveShare(uint256 value); // Emitted after a succuessful setting of CRV Community Reserve Share 67,74: event SetCvxCommunityReserveShare(uint256 value); // Emitted after a succuessful setting of CVX Community Reserve Share 68,70: event SetImbalanceToleranceIn(uint256 value); // Emitted after a succuessful setting of imbalance tolerance in 69,71: event SetImbalanceToleranceOut(uint256 value); // Emitted after a succuessful setting of imbalance tolerance out 70,65: event SetStrategist(address strategist); // Emitted after a succuessful setting of strategist StrategySwapper.sol 34,67: event SetSlippageTolerance(uint256 value); // Emitted after a succuessful setting of slippage tolerance 35,78: event SetCurvePool(address token, address curvePool); // Emitted after a succuessful setting of a Curve Pool 36,85: event SetSwapViaUniswap(address token, bool swapViaUniswap); // Emitted after a succuessful setting of swap via Uniswap
tolarance to tolerance:BkdTriHopCvx.sol 79,58: * @param _hopImbalanceToleranceIn New hop imbalance tolarance in. 95,59: * @param _hopImbalanceToleranceOut New hop imbalance tolarance out. ConvexStrategyBase.sol 224,51: * @param imbalanceToleranceIn_ New imbalance tolarance in. 240,52: * @param imbalanceToleranceOut_ New imbalance tolarance out.
widthdrawn to withdrawn:BkdEthCvx.sol 136,68: * @param _underlyingAmount Amount of underlying that is being widthdrawn from Curve Pool. BkdTriHopCvx.sol 248,59: * @param _hopLpAmount Amount of Hop LP that is being widthdrawn from Curve Pool. 282,68: * @param _underlyingAmount Amount of underlying that is being widthdrawn from Curve Hop Pool.
mininum to minimum:BkdTriHopCvx.sol 258,20: * @return The mininum Hop LP balance to accept. 295,20: * @return The mininum underlying balance to accept.
suceptible to susceptible:BkdEthCvx.sol 154,50: * @dev Uses get_virtual_price which is less suceptible to manipulation. 165,50: * @dev Uses get_virtual_price which is less suceptible to manipulation. BkdTriHopCvx.sol 304,50: * @dev Uses get_virtual_price which is less suceptible to manipulation. 315,50: * @dev Uses get_virtual_price which is less suceptible to manipulation. 326,50: * @dev Uses get_virtual_price which is less suceptible to manipulation. 340,50: * @dev Uses get_virtual_price which is less suceptible to manipulation.
Retuns to Returns:LiquidityPool.sol 644,16: * @notice Retuns if the pool has an active deposit limit
Overriden to Overridden:LiquidityPool.sol 804,13: * @dev Overriden for testing
deos to does:AddressProvider.sol 297,41: * @dev Does not revert if the pool deos not exist 308,33: * @dev Reverts if the pool deos not exist
exipred to expired:CvxCrvRewardsLocker.sol 131,26: * @notice Processes exipred locks.
collaterization to collateralization:CompoundHandler.sol 85,28: * @notice Returns the collaterization ratio of the user. 86,71: * A result of 1.5 (x1e18) means that the user has a 150% collaterization ratio.
repayed to repaid:CompoundHandler.sol 103,44: * @return The amount of debt that was repayed in the underlying.
palce to place:Preparable.sol 10,58: * callers should make sure to have the proper checks in palce
commited to committed:Preparable.sol 34,51: * @notice Prepares an uint256 that should be commited to the contract 58,51: * @notice Prepares an address that should be commited to the contract
transfered to transferred:LpToken.sol 79,48: * @dev We notify that LP tokens have been transfered
communit to community:ConvexStrategyBase.sol 175,39: * @notice Set the address of the communit reserve.
indicies to indices:StrategySwapper.sol 292,41: * @dev Returns the Curve Pool coin indicies for a given Token. 293,55: * @param curvePool_ The Curve Pool to return the indicies for. 294,43: * @param token_ The Token to get the indicies for.
recieve to receive:StrategySwapper.sol 307,52: * @dev Returns the minimum amount of Token to recieve from swap. 310,60: * @return minAmountOut The minimum amount of Token to recieve from swap. 324,51: * @dev Returns the minimum amount of WETH to recieve from swap. 327,59: * @return minAmountOut The minimum amount of WETH to recieve from swap.
#0 - chase-manning
2022-04-28T10:09:29Z
I consider this report to be of particularly high quality
🌟 Selected for report: joestakey
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xDjango, 0xNazgul, 0xkatana, 0xmint, Dravee, Funen, IllIllI, MaratCerby, NoamYakov, Tadashi, TerrierLover, Tomio, WatchPug, catchup, defsec, fatherOfBlocks, hake, horsefacts, kenta, oyc_109, pauliax, rayn, rfa, robee, saian, securerodd, simon135, slywaters, sorrynotsorry, tin537, z3s
84.957 USDC - $84.96
++i use less gas than i++:++i costs less gas compared to i++. about 5 gas per iteration.
BkdLocker.sol 310,45: for (uint256 i = 0; i < length; i++) { Controller.sol 117,45: for (uint256 i = 0; i < numActions; i++) { StakerVault.sol 260,49: for (uint256 i = 0; i < actions.length; i++) { RoleManager.sol 80,47: for (uint256 i = 0; i < roles.length; i++) { TopUpAction.sol 188,51: for (uint256 i = 0; i < protocols.length; i++) { 456,41: for (uint256 i = 0; i < length; i++) { 479,41: for (uint256 i = 0; i < length; i++) { 506,42: for (uint256 i = 0; i < howMany; i++) { 891,41: for (uint256 i = 0; i < length; i++) { TopUpKeeperHelper.sol 43,51: for (uint256 i = 0; i < users.length; i++) { 72,46: for (uint256 i = 0; i < keys.length; i++) { 93,41: for (uint256 i = 0; i < length; i++) { 165,41: for (uint256 i = 0; i < length; i++) { CompoundHandler.sol 135,48: for (uint256 i = 0; i < assets.length; i++) { CTokenRegistry.sol 61,49: for (uint256 i = 0; i < ctokens.length; i++) { ConvexStrategyBase.sol 313,57: for (uint256 i = 0; i < _rewardTokens.length(); i++) { 380,57: for (uint256 i = 0; i < _rewardTokens.length(); i++) { MockStableSwap.sol 30,36: for (uint256 i = 0; i < 3; i++) { 42,36: for (uint256 i = 0; i < 2; i++) { 70,36: for (uint256 i = 0; i < 3; i++) { InflationManager.sol 91,41: for (uint256 i = 0; i < length; i++) { 105,41: for (uint256 i = 0; i < length; i++) { 109,54: for (uint256 i = 0; i < stakerVaults.length; i++) { 114,41: for (uint256 i = 0; i < length; i++) { 166,41: for (uint256 i = 0; i < length; i++) { 191,41: for (uint256 i = 0; i < length; i++) { 259,41: for (uint256 i = 0; i < length; i++) { 283,41: for (uint256 i = 0; i < length; i++) { 357,41: for (uint256 i = 0; i < length; i++) { 381,41: for (uint256 i = 0; i < length; i++) { 404,41: for (uint256 i = 0; i < length; i++) { 445,41: for (uint256 i = 0; i < length; i++) { KeeperGauge.sol 155,52: for (uint256 i = startEpoch; i < endEpoch; i++) { VestedEscrow.sol 93,49: for (uint256 i = 0; i < amounts.length; i++) { EnumerableExtensions.sol 21,38: for (uint256 i = 0; i < len; i++) { 34,38: for (uint256 i = 0; i < len; i++) { 92,38: for (uint256 i = 0; i < len; i++) { 105,38: for (uint256 i = 0; i < len; i++) { 118,38: for (uint256 i = 0; i < len; i++) { 131,38: for (uint256 i = 0; i < len; i++) {
!= 0 use less gas than > 0 for unsigned ints in require():BkdLocker.sol 90,24: require(amount > 0, Error.INVALID_AMOUNT); 91,36: require(totalLockedBoosted > 0, Error.NOT_ENOUGH_FUNDS); 136,24: require(length > 0, "No entries"); TopUpAction.sol 210,42: require(record.singleTopUpAmount > 0, Error.INVALID_AMOUNT); 554,43: require(position.totalTopUpAmount > 0, Error.INSUFFICIENT_BALANCE); TopUpActionFeeHandler.sol 123,32: require(totalClaimable > 0, Error.NOTHING_TO_CLAIM); LiquidityPool.sol 401,29: require(_depositCap > 0, Error.INVALID_AMOUNT); 471,34: require(underlyingAmount > 0, Error.INVALID_AMOUNT); 473,45: require(lpToken_.balanceOf(account) > 0, Error.INSUFFICIENT_BALANCE); 549,32: require(redeemLpTokens > 0, Error.INVALID_AMOUNT); StrategySwapper.sol 111,36: require(slippageTolerance_ > 0.8e18, Error.INVALID_SLIPPAGE_TOLERANCE); MockErc20Strategy.sol 65,32: require(currentBalance > 0, "Invalid amount to withdraw"); 75,24: require(amount > 0, "Invalid amount to transfer"); MockEthStrategy.sol 66,32: require(currentBalance > 0, "Invalid amount to withdraw"); MockVotingEscrow.sol 35,39: require(_balances[msg.sender] > 0, "a lock needs to first be created"); AmmConvexGauge.sol 159,24: require(amount > 0, Error.INVALID_AMOUNT); 172,24: require(amount > 0, Error.INVALID_AMOUNT); AmmGauge.sol 104,24: require(amount > 0, Error.INVALID_AMOUNT); 125,24: require(amount > 0, Error.INVALID_AMOUNT); KeeperGauge.sol 138,32: require(totalClaimable > 0, Error.ZERO_TRANSFER_NOT_ALLOWED); VestedEscrow.sol 83,35: require(unallocatedSupply > 0, "No reward tokens in contract"); Vault.sol 164,24: require(amount > 0, Error.INVALID_AMOUNT);
0 to uint256:Default value of uint256 is 0. you can delete = 0 for saving some gas.
BkdLocker.sol 133,42: uint256 totalAvailableToWithdraw = 0; Controller.sol 114,34: uint256 totalEthRequired = 0; StakerVault.sol 144,35: uint256 startingAllowance = 0; TopUpAction.sol 452,34: uint256 totalEthRequired = 0; LiquidityPool.sol 483,33: uint256 currentFeeRatio = 0; KeeperGauge.sol 154,32: uint256 totalClaimable = 0; VestedEscrow.sol 92,29: uint256 totalAmount = 0; Vault.sol 135,41: uint256 allocatedUnderlying = 0; 583,33: uint256 strategistShare = 0;
Custom errors from Solidity 0.8.4 are cheaper than require messages.
https://blog.soliditylang.org/2021/04/21/custom-errors/