Omniscia DappRadar Audit
RadarStake Code Style Findings
RadarStake Code Style Findings
RSE-01C: Convoluted Stake Maintenance Mechanism
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | RadarStake.sol:L60, L62-L66, L69-L74, L77, L79, L89, L93-L94, L96, L104, L113, L115 |
Description:
The RadarStake::addToStake function is redundantly convoluted, containing significant complexity and inefficient maintenance of the totalStaked value.
Example:
53// add to your stake & reset counters - allow amount == 0, so you can reset timers without having to add tokens to your stake54function addToStake(uint256 amount, address addr) external onlyStakingLogicContract {55 require(amount >= 0, "RadarStake: Amount has to be 0 or higher");56 require(addr != address(0), "RadarStake: Cannot use the null address");57 require(allAprs.length > 0, "RadarStake: No APR set");58
59 // storage variable used multiple times thus storing it into memory and using the new one from now on60 uint256 _totalStaked = totalStaked;61
62 Stake memory myStake = _stakedTokens[addr];63 if (myStake.totalStaked > 0 && _totalStaked >= myStake.totalStaked) {64 // subtract the current stake from the total counter (memory)65 _totalStaked -= myStake.totalStaked;66 }67
68 // save new Stake69 _stakedTokens[addr] = Stake({70 totalStaked: myStake.totalStaked + amount,71 lastStakedTimestamp: block.timestamp,72 cooldownSeconds: 0, // reset cooldown timer73 cooldownTriggeredAtTimestamp: 0 // reset cooldown timer74 });75
76 // add to total staked amount (memory)77 _totalStaked += myStake.totalStaked + amount;78 // store this variable back to storage79 totalStaked = _totalStaked;80
81 emit AddedToStake(addr, amount);82}Recommendation:
We advise these functions to be significantly optimized by only increasing / decreasing the stake of the addr as well as the totalStaked value, simplifying RadarStake::addToStake to be more similar to RadarStake::removeFromStake.
Alleviation (9193d77dde992ca090fe8895a88804e096173564):
The RadarStake::addToStake function was made more optimal by ensuring that the totalStaked value of the contract is solely incremented and does not need to be subtracted from and incremented afterwards. To note, the myStake local pointer declared within the function can be set to storage as an optimization, however, the exhibit's optimization has been adequately applied to the codebase rendering this exhibit alleviated.
RSE-02C: Improper EIP-20 Transfer Flow
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | RadarStake.sol:L165, L167 |
Description:
The referenced EIP-20 transfer flow will approve itself and then transfer tokens via the ERC20::transferFrom function inefficiently.
Example:
156// if someone sends RADAR to this contract by accident we want to be able to send it back to them157function withdrawRewardTokens(address to, uint256 amount) external onlyOwner {158 require(to != address(0), "RadarStake: Cannot use the null address");159 require(amount >= 0, "RadarStake: Amount cannot be lower than 0");160 uint256 radarBalance = radarTokenContract.balanceOf(address(this));161 require(radarBalance >= amount, "RadarStake: Cannot withdraw more than is available");162 require(radarBalance - amount >= totalStaked, "RadarStake: Cannot withdraw more than is staked");163 164 // approve this contract to move the amount of tokens165 radarTokenContract.approve(address(this), amount);166 // transfer those tokens to the given address167 radarTokenContract.transferFrom(address(this), to, amount);168}Recommendation:
We advise a direct ERC20::transfer operation to be performed, ensuring that the funds are transmitted directly and do not require an approval to self.
Alleviation (8614454f02ec2934ccfdc3f17974be01ca6c1709):
The DappRadar team has not provided any remediation for this exhibit instead opting to acknowledge it.
RSE-03C: Ineffectual Usage of Safe Arithmetics
| Type | Severity | Location |
|---|---|---|
| Language Specific | | RadarStake.sol:L113, L119, L137, L162 |
Description:
The linked mathematical operations are guaranteed to be performed safely by surrounding conditionals evaluated in either require checks or if-else constructs.
Example:
106require(myStake.totalStaked >= amount, "RadarStake: You cannot unstake more than you have staked");107require(totalStaked >= amount, "RadarStake: Cannot unstake more than is staked in total");108
109if (myStake.totalStaked == amount) {110 // clean memory when the whole stake is being taken out111 delete(_stakedTokens[addr]);112} else {113 myStake.totalStaked = myStake.totalStaked - amount;114 // store the updated Stake to permantent storage115 _stakedTokens[addr] = myStake;116}Recommendation:
Given that safe arithmetics are toggled on by default in pragma versions of 0.8.X, we advise the linked statements to be wrapped in unchecked code blocks thereby optimizing their execution cost.
Alleviation (8614454f02ec2934ccfdc3f17974be01ca6c1709):
The DappRadar team has not provided any remediation for this exhibit instead opting to acknowledge it.
RSE-04C: Redundant Parenthesis Statement
| Type | Severity | Location |
|---|---|---|
| Code Style | | RadarStake.sol:L111 |
Description:
The referenced statement is redundantly wrapped in parenthesis (()).
Example:
111delete(_stakedTokens[addr]);Recommendation:
We advise them to be safely omitted, increasing the legibility of the codebase.
Alleviation (8614454f02ec2934ccfdc3f17974be01ca6c1709):
The DappRadar team has not provided any remediation for this exhibit instead opting to acknowledge it.
RSE-05C: Variable Mutability Specifier (Immutable)
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | RadarStake.sol:L23 |
Description:
The linked variable is assigned to only once during the contract's constructor.
Example:
13constructor(address radarTokenContractAddr) {14 radarTokenContract = iRadarToken(radarTokenContractAddr);15}Recommendation:
We advise it to be set as immutable greatly optimizing its read-access gas cost.
Alleviation (8614454f02ec2934ccfdc3f17974be01ca6c1709):
The DappRadar team has not provided any remediation for this exhibit instead opting to acknowledge it.