Omniscia Tokemak Audit
ConvexController Code Style Findings
ConvexController Code Style Findings
CCR-01C: Data Location Optimization
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | ConvexController.sol:L94 |
Description:
The linked variable is declared as memory in an external function.
Example:
94function claimRewards(address staking, ExpectedReward[] memory expectedRewards)95 external96 onlyManager97{Recommendation:
We advise it to be set as calldata optimizing the codebase.
Alleviation:
The variable is now properly set as calldata optimizing its read access gas cost.
CCR-02C: Ineffectual Extraneous Approval Logic
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | ConvexController.sol:L122-L126 |
Description:
The _approve function of the contract performs multiple contract calls redundantly as the chain of operations it performs results in the same state as a single approve call would.
Example:
120function _approve(IERC20 token, uint256 amount) internal {121 address spender = address(BOOSTER);122 uint256 currentAllowance = token.allowance(address(this), spender);123 if (currentAllowance > 0) {124 token.safeDecreaseAllowance(spender, currentAllowance);125 }126 token.safeIncreaseAllowance(spender, amount);127}Recommendation:
We advise the approve function to be utilized directly as the code currently reads the allowance, sets it to zero if it is positive and then re-sets it to the new value essentially overwriting it which is the exact behaviour of approve.
Alleviation:
The Tokemak team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.
CCR-03C: Redundant Local Variable
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | ConvexController.sol:L59-L60, L84-L85, L109-L110 |
Description:
The linked statement pairs perform an execution of an external call that yields a bool and proceed to validate the locally declared bool in a require statement.
Example:
109bool success = IConvexBaseRewards(staking).getReward();110require(success, "CLAIM_REWARD_FAILED");Recommendation:
We advise the result of the call to be used directly within the require check as it bears no purpose outside of it and would optimize the code's gas cost.
Alleviation:
The result of getReward is now directly utilized in the require check.