code-423n4 / 2022-02-concur-findings


Gas savings #24

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

csanuragjain

Vulnerability details

Impact

Gas savings

Proof of Concept

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/ConcurRewardPool.sol

claimRewards function : use ++i instead of i++ in loop

claimRewards function : Save _tokens[i] in local variable and then use the local variable within loop

claimRewards function : Add check require(getting>0, "No reward left for token "+_tokens[i]) after line 36

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/Shelter.sol

withdraw function : claimed[_token][_to] is never used

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/USDMPegRecovery.sol

withdraw function : Add check to see user balance is enough - require(user.usdm>=_withdrawal.usdm && user.pool3>=_withdrawal.pool3,"Insuffiencient balance")

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/MasterChef.sol

pendingConcur function : Condition is missing for allocPoint being 0 - Change if (block.number > pool.lastRewardBlock && lpSupply != 0) to if (block.number > pool.lastRewardBlock && lpSupply != 0 && pool.allocPoint != 0)

pendingConcur/deposit/withdraw function : Add a check require(pid<=poolInfo.length - 1) preventing invalid pid

deposit/withdraw function : Add check require(_amount>0) preventing further actions

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/StakingRewards.sol

rewardPerToken function : Add below condition so that function reverts - if(lastTimeRewardApplicable() <= lastUpdateTime){return rewardPerTokenStored;}

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/ConvexStakingWrapper.sol

deposit/withdraw function : add a condition to revert if amount=0

GalloDaSballo commented 2 years ago

ConcurRewardPool.sol

claimRewards function : use ++i instead of i++ in loop
2 per loop

claimRewards function : Save _tokens[i] in local variable and then use the local variable within loop
Agree as this will avoid the length check, 3 per time, so 9 gas

claimRewards function : Add check require(getting>0, "No reward left for token "+_tokens[i]) after line 36
100 for the CALL and 2200 for the values being unchanged (Hot read + 100 for set value to same value)

Shelter.sol

withdraw function : claimed[_token][_to] is never used
This will avoid a needless SSTORE, so 20k gas

USDMPegRecovery.sol

withdraw function : Add check to see user balance is enough - require(user.usdm>=_withdrawal.usdm && user.pool3>=_withdrawal.pool3,"Insuffiencient balance")

Ultimately I disagree with this one as the tx will revert due to underflow if trying to withdraw more than available. This increases gas cost when the tx doesn't revert.

I don't think the rest of the findings will save any gas.

The formatting on this report is bad, would recommend the warden to use a markdown editor
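An added sketch, not part of this thread or of the Concur code base, of the three claimRewards suggestions credited in the comment above, applied to a minimal reward pool. The contract name, the `reward` mapping layout and the `IERC20Min` interface are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal token interface (hypothetical, for this sketch only).
interface IERC20Min {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in for a reward pool; not the audited contract.
contract RewardPoolSketch {
    // user => token => claimable amount (assumed storage layout)
    mapping(address => mapping(address => uint256)) public reward;

    function claimRewards(address[] calldata _tokens) external {
        // Suggestion 1: pre-increment avoids the temporary that i++ keeps.
        for (uint256 i = 0; i < _tokens.length; ++i) {
            // Suggestion 2: read _tokens[i] once, so the array bounds check
            // is paid a single time per iteration instead of on every use.
            address token = _tokens[i];
            uint256 getting = reward[msg.sender][token];

            // Suggestion 3: stop before the external CALL and the
            // zero-to-zero SSTORE when nothing is owed. Solidity cannot
            // append an address to a string with "+", so the message is static.
            require(getting > 0, "No reward left for token");

            // Choice of this sketch: clear the balance before the external
            // call (checks-effects-interactions).
            reward[msg.sender][token] = 0;
            require(
                IERC20Min(token).transfer(msg.sender, getting),
                "transfer failed"
            );
        }
    }
}
```

Because the check is a `require`, one token with no reward reverts the claim for every token in the same call; skipping that token with `continue` avoids the same CALL and SSTORE without failing the batch.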

GalloDaSballo commented 2 years ago

Total Gas saved: 22311