Omniscia Tokemak Audit
ConvexController Code Style Findings
ConvexController Code Style Findings
CCR-01C: Data Location Optimization
Type | Severity | Location |
---|---|---|
Gas Optimization | ConvexController.sol:L94 |
Description:
The linked variable is declared as memory
in an external
function.
Example:
94function claimRewards(address staking, ExpectedReward[] memory expectedRewards)95 external96 onlyManager97{
Recommendation:
We advise it to be set as calldata
optimizing the codebase.
Alleviation:
The variable is now properly set as calldata
optimizing its read access gas cost.
CCR-02C: Ineffectual Extraneous Approval Logic
Type | Severity | Location |
---|---|---|
Gas Optimization | ConvexController.sol:L122-L126 |
Description:
The _approve
function of the contract performs multiple contract calls redundantly as the chain of operations it performs results in the same state as a single approve
call would.
Example:
120function _approve(IERC20 token, uint256 amount) internal {121 address spender = address(BOOSTER);122 uint256 currentAllowance = token.allowance(address(this), spender);123 if (currentAllowance > 0) {124 token.safeDecreaseAllowance(spender, currentAllowance);125 }126 token.safeIncreaseAllowance(spender, amount);127}
Recommendation:
We advise the approve
function to be utilized directly as the code currently reads the allowance, sets it to zero if it is positive and then re-sets it to the new value essentially overwriting it which is the exact behaviour of approve
.
Alleviation:
The Tokemak team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.
CCR-03C: Redundant Local Variable
Type | Severity | Location |
---|---|---|
Gas Optimization | ConvexController.sol:L59-L60, L84-L85, L109-L110 |
Description:
The linked statement pairs perform an execution of an external call that yields a bool
and proceed to validate the locally declared bool
in a require
statement.
Example:
109bool success = IConvexBaseRewards(staking).getReward();110require(success, "CLAIM_REWARD_FAILED");
Recommendation:
We advise the result of the call to be used directly within the require
check as it bears no purpose outside of it and would optimize the code's gas cost.
Alleviation:
The result of getReward
is now directly utilized in the require
check.