# #41570 \[SC-Insight] Code Insights Report **Submitted on Mar 16th 2025 at 15:51:57 UTC by @pxng0lin for** [**Audit Comp | Yeet**](https://immunefi.com/audit-competition/audit-comp-yeet) * **Report ID:** #41570 * **Report Type:** Smart Contract * **Report severity:** Insight * **Target:** * **Impacts:** ## Description ## Table of Contents 1. [Gas Optimization: Duplicate Condition Check in Yeet.sol](broken://pages/AsZyH9cOEpMMDhfr7n14) 2. [Missing Zero Address Check: updateStakingContract in Yeet.sol](broken://pages/AsZyH9cOEpMMDhfr7n14) *** ## 1. Gas Optimization: Duplicate Condition Check in Yeet.sol **Contract**: `Yeet.sol`\ **Function**: `_yeet()`\ **Severity**: Low (Gas Optimization) ### Description The function `_yeet()` contains duplicate condition checks for `isBoostrapPhase()`. This function is called with every yeet transaction, so optimizing it can lead to substantial gas savings over time. ### Code Snippet ```solidity // Current implementation if (isBoostrapPhase()) { endOfYeetTime = roundStartTime + yeetTimeInSeconds + BOOSTRAP_PHASE_DURATION; } else { endOfYeetTime = timestamp + yeetTimeInSeconds; } // Useful for the for stats and history emit YeetDistribution(msg.value, valueToPot, valueToYeetback, valueToStakers, publicGoods, teamRevenue); emit Yeet( msg.sender, timestamp, TAX_PER_YEET, valueToPot, valueToYeetback, potToWinner, potToYeetback, yeetTimeInSeconds, _minimumYeetPoint(potToWinner), nrOfYeets, roundNumber, timeLeftOnTimer ); if (isBoostrapPhase()) { uint256 amountOfTickers = msg.value / minimumYeetPoint; for (uint256 i = 0; i < amountOfTickers; i++) { yeetback.addYeetsInRound(roundNumber, msg.sender); } } else { yeetback.addYeetsInRound(roundNumber, msg.sender); } ``` ### Recommendation Store the result of `isBoostrapPhase()` in a local variable and use it for both condition checks. This reduces the number of external function calls and improves gas efficiency. ```solidity // Recommended implementation bool isBootstrap = isBoostrapPhase(); if (isBootstrap) { endOfYeetTime = roundStartTime + yeetTimeInSeconds + BOOSTRAP_PHASE_DURATION; } else { endOfYeetTime = timestamp + yeetTimeInSeconds; } // Useful for the for stats and history emit YeetDistribution(msg.value, valueToPot, valueToYeetback, valueToStakers, publicGoods, teamRevenue); emit Yeet( msg.sender, timestamp, TAX_PER_YEET, valueToPot, valueToYeetback, potToWinner, potToYeetback, yeetTimeInSeconds, _minimumYeetPoint(potToWinner), nrOfYeets, roundNumber, timeLeftOnTimer ); if (isBootstrap) { uint256 amountOfTickers = msg.value / minimumYeetPoint; for (uint256 i = 0; i < amountOfTickers; i++) { yeetback.addYeetsInRound(roundNumber, msg.sender); } } else { yeetback.addYeetsInRound(roundNumber, msg.sender); } ``` ### Impact * Reduces gas costs for users interacting with the protocol * Improves code readability and maintainability * Makes the code more consistent in its approach to repeated condition checks *** ## 2. Missing Zero Address Check: updateStakingContract in Yeet.sol **Contract**: `Yeet.sol`\ **Function**: `updateStakingContract()`\ **Severity**: Low (Security Best Practice) ### Description The function `updateStakingContract()` allows the owner to update the staking contract address but lacks a validation check to prevent setting it to the zero address (address(0)). This is a common security best practice that should be implemented for all functions that update critical addresses. ### Code Snippet ```solidity /// @notice updateStakingContract allows the owner to update the staking contract, used for new on vaults function updateStakingContract(StakeV2 _staking) external onlyOwner { stakingContract = _staking; } ``` ### Recommendation Add a zero address check to prevent accidentally setting the staking contract to address(0): ```solidity /// @notice updateStakingContract allows the owner to update the staking contract, used for new on vaults function updateStakingContract(StakeV2 _staking) external onlyOwner { require(address(_staking) != address(0), "Cannot set to zero address"); stakingContract = _staking; } ``` ### Impact * If the owner accidentally sets the staking contract to address(0), contract functionality that depends on the staking contract would fail * This would require additional transactions to fix, wasting gas ## Proof of Concept ## Proof of Concept All code provided in the main part of the report - insight only --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/yeet/41570-sc-insight-code-insights-report.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.