Omniscia Dapp Radar Audit
StakingRewardsController Code Style Findings
StakingRewardsController Code Style Findings
SRC-01C: Inefficient Invocation of Library Function
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | StakingRewardsController.sol:L64 |
Description:
The linked function of the Ownable OpenZeppelin implementation is inefficiently executed as it imposes the onlyOwner modifier which will always yield true during the constructor's execution.
Example:
59constructor(60 address _owner,61 uint256 _rewardPerSecond,62 address _endpoint63) ReentrancyGuard() NonblockingLzApp(_endpoint) {64 transferOwnership(_owner);65 rewardPerSecond = _rewardPerSecond;66}Recommendation:
We advise the _transferOwnership function to be utilized instead, optimizing the gas cost of the statement.
Alleviation:
The Dapp Radar team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.
SRC-02C: Inefficient mapping Lookups
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | StakingRewardsController.sol:L108, L115 |
Description:
The linked statements perform key-based lookup operations on mapping declarations from storage multiple times for the same key redundantly.
Example:
108uint256 userBalance = userInfo[_user].amountPerChain[_dstChain];109require(userBalance > 0, "RadarStakingRewards: this wallet has nothing staked on this chain");110
111_getReward(_user, userBalance, _signature, _dstChain, _dstAddress);112
113totalSupply -= userBalance;114
115UserInfo storage user = userInfo[_user];116user.amount -= userBalance;117user.amountPerChain[_dstChain] = 0;Recommendation:
As the lookups internally perform an expensive keccak256 operation, we advise the lookups to be cached wherever possible to a single local declaration that either holds the value of the mapping in case of primitive types or holds a storage pointer to the struct contained.
Alleviation:
The Dapp Radar team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.
SRC-03C: Test Dependency Import
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | | StakingRewardsController.sol:L15 |
Description:
The linked import statement specifies a test dependency that should not be present in production code.
Example:
15import "hardhat/console.sol";Recommendation:
We advise the import statement and all related usages of it to be safely omitted from the codebase.
Alleviation:
The test import statement has been properly omitted from the codebase.
SRC-04C: Unutilized Code
| Type | Severity | Location |
|---|---|---|
| Code Style | | StakingRewardsController.sol:L27, L42 |
Description:
The linked code variables remain unutilized in the codebase.
Example:
23uint256 constant internal BASE_UNIT = 1e18;24bytes32 constant internal ACTION_STAKE = "stake";25bytes32 constant internal ACTION_WITHDRAW = "withdraw";26bytes32 constant internal ACTION_CLAIM = "claim";27bytes32 constant internal ACTION_TRANSFER = "transfer";28
29uint256 public rewardPerSecond;30uint256 public override totalSupply;31mapping(uint16 => uint256) supplyPerChain;32
33struct PoolInfo {34 uint256 accToken1PerShare;35 uint256 lastRewardTime;36}37
38struct UserInfo {39 uint256 amount;40 mapping(uint16 => uint256) amountPerChain;41 uint256 rewardDebt;42 uint256 unpaidRewards;43}Recommendation:
We advise them to be removed and all relevant utilization statements to be omitted as the ACTION_TRANSFER operation is not supported and the unpaidRewards variable of the UserInfo struct is never assigned to.
Alleviation:
The Dapp Radar team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.