Platform: Code4rena
Start Date: 11/05/2022
Pot Size: $150,000 USDC
Total HM: 23
Participants: 93
Period: 14 days
Judge: LSDan
Total Solo HM: 18
Id: 123
League: ETH
Rank: 60/93
Findings: 2
Award: $233.12
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 242, AlleyCat, BouSalman, BowTiedWardens, CertoraInc, Chom, Cityscape, FSchmoede, Funen, GimelSec, Hawkeye, JC, JDeryl, Kaiziron, Kthere, Kumpa, MaratCerby, MiloTruck, Nethermind, NoamYakov, PPrieditis, QuantumBrief, Rolezn, Ruhum, SmartSek, SooYa, Tadashi, TerrierLover, WatchPug, Waze, _Adam, asutorufos, berndartmueller, bobirichman, c3phas, catchup, cccz, ch13fd357r0y3r, cryptphi, csanuragjain, cthulhu_cult, defsec, delfin454000, ellahi, fatherOfBlocks, hansfriese, hubble, hyh, jayjonah8, joestakey, kenta, kenzo, kirk-baird, mics, oyc_109, p_crypt0, reassor, robee, sach1r0, samruna, sashik_eth, sikorico, simon135, sorrynotsorry, sseefried, tintin, unforgiven, z3s, zmj
149.8668 USDC - $149.87
Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
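Lock the pragma version: use `0.8.11` instead of `^0.8.11`. The caret form accepts any 0.8.x compiler from 0.8.11 upward, so a build can silently use a release that the test suite never ran against.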
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x4non, 0xKitsune, 0xNazgul, 0xf15ers, 0xkatana, BowTiedWardens, CertoraInc, DavidGialdi, FSchmoede, Fitraldys, Funen, GimelSec, Hawkeye, JC, Kaiziron, Kthere, MaratCerby, MiloTruck, NoamYakov, QuantumBrief, Randyyy, Ruhum, SmartSek, SooYa, Tadashi, TerrierLover, Tomio, UnusualTurtle, WatchPug, Waze, _Adam, antonttc, asutorufos, bobirichman, c3phas, catchup, csanuragjain, cthulhu_cult, defsec, delfin454000, ellahi, fatherOfBlocks, hansfriese, hyh, jayjonah8, joestakey, kenta, marcopaladin, mics, minhquanym, orion, oyc_109, reassor, rfa, robee, sach1r0, samruna, sashik_eth, sikorico, simon135, unforgiven, z3s, zmj
83.2532 USDC - $83.25
The default value of `uint256` is 0, so the explicit `= 0` initializer can be removed
:AuraBalRewardPool.sol 35,35: uint256 public pendingPenalty = 0; 38,33: uint256 public periodFinish = 0; 39,31: uint256 public rewardRate = 0; AuraClaimZap.sol 143,24: for (uint256 i = 0; i < rewardContracts.length; i++) { 147,24: for (uint256 i = 0; i < extraRewardContracts.length; i++) { 151,24: for (uint256 i = 0; i < tokenRewardContracts.length; i++) { AuraLocker.sol 72,40: uint256 public queuedCvxCrvRewards = 0; 174,28: for (uint256 i = 0; i < rewardTokensLength; i++) { 381,24: uint256 reward = 0; 485,34: uint256 futureUnlocksSum = 0; 540,52: uint256 unlocksSinceLatestCkpt = 0; 630,21: uint256 low = 0; 773,24: for (uint256 i = 0; i < userRewardsLength; i++) { AuraMerkleDrop.sol 29,35: uint256 public pendingPenalty = 0; AuraVestedEscrow.sol 100,24: for (uint256 i = 0; i < _recipient.length; i++) { BalLiquidityProvider.sol 51,24: for (uint256 i = 0; i < 2; i++) { ExtraRewardsDistributor.sol 231,33: uint256 claimableTokens = 0; convex-platform/contracts/contracts/ArbitartorVault.sol 49,22: for(uint256 i = 0; i < _toPids.length; i++){ convex-platform/contracts/contracts/BaseRewardPool.sol 71,33: uint256 public periodFinish = 0; 72,31: uint256 public rewardRate = 0; 75,34: uint256 public queuedRewards = 0; 76,35: uint256 public currentRewards = 0; 77,38: uint256 public historicalRewards = 0; convex-platform/contracts/contracts/Booster.sol 29,32: uint256 public platformFee = 0; //possible fee to build treasury 538,23: for(uint256 i = 0; i < _gauge.length; i++){ convex-platform/contracts/contracts/BoosterOwner.sol 144,23: for(uint256 i = 0; i < poolCount; i++){ convex-platform/contracts/contracts/ConvexMasterChef.sol 63,36: uint256 public totalAllocPoint = 0; convex-platform/contracts/contracts/CrvDepositor.sol 36,33: uint256 public incentiveCrv = 0; convex-platform/contracts/contracts/ExtraRewardStashV3.sol 125,23: for(uint256 i = 0; i < maxRewards; i++){ convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol 89,33: uint256 public periodFinish = 0; 90,31: 
uint256 public rewardRate = 0; 93,34: uint256 public queuedRewards = 0; 94,35: uint256 public currentRewards = 0; 95,38: uint256 public historicalRewards = 0; convex-platform/contracts/contracts/VoterProxy.sol 308,26: uint256 _balance = 0;
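`++i` uses less gas than `i++`
`++i` costs less gas than `i++`, about 5 gas per iteration. In every location listed below the increment is the update expression of a `for` loop, whose value is discarded, so switching to the prefix form does not change behaviour: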
AuraClaimZap.sol 143,57: for (uint256 i = 0; i < rewardContracts.length; i++) { 147,62: for (uint256 i = 0; i < extraRewardContracts.length; i++) { 151,62: for (uint256 i = 0; i < tokenRewardContracts.length; i++) { AuraLocker.sol 174,57: for (uint256 i = 0; i < rewardTokensLength; i++) { 306,49: for (uint256 i; i < rewardTokensLength; i++) { 410,59: for (uint256 i = nextUnlockIndex; i < length; i++) { 696,61: for (uint256 i = nextUnlockIndex; i < locks.length; i++) { 773,52: for (uint256 i = 0; i < userRewardsLength; i++) { AuraVestedEscrow.sol 100,52: for (uint256 i = 0; i < _recipient.length; i++) { BalLiquidityProvider.sol 51,36: for (uint256 i = 0; i < 2; i++) { ExtraRewardsDistributor.sol 233,55: for (uint256 i = epochIndex; i < tokenEpochs; i++) { convex-platform/contracts/contracts/ArbitartorVault.sol 49,47: for(uint256 i = 0; i < _toPids.length; i++){ convex-platform/contracts/contracts/BaseRewardPool.sol 214,48: for(uint i=0; i < extraRewards.length; i++){ 230,48: for(uint i=0; i < extraRewards.length; i++){ 262,48: for(uint i=0; i < extraRewards.length; i++){ 296,52: for(uint i=0; i < extraRewards.length; i++){ convex-platform/contracts/contracts/Booster.sol 379,44: for(uint i=0; i < poolInfo.length; i++){ 538,47: for(uint256 i = 0; i < _gauge.length; i++){ convex-platform/contracts/contracts/BoosterOwner.sol 144,43: for(uint256 i = 0; i < poolCount; i++){ convex-platform/contracts/contracts/ExtraRewardStashV3.sol 125,44: for(uint256 i = 0; i < maxRewards; i++){ 199,35: for(uint i=0; i < tCount; i++){ convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol 69,44: for(uint i=0; i < usedList.length; i++){
Custom errors, available from Solidity 0.8.4, are cheaper than `require` messages.
https://blog.soliditylang.org/2021/04/21/custom-errors/