bot-report.json

{
  "reportUid": "8W4H9LUDWm7",
  "labels": [
    {
      "name": "QA (Quality Assurance)",
      "color": "1D76DB"
    }
  ],
  "comment": "LightChaser-V3",
  "footnote": "V4 wen?",
  "findings": [
    {
      "severity": "Medium",
      "title": "High level access functions can create points of failure (Not captured by 4nalyzer) ",
      "description": "High-level access functions in software, especially those with administrative privileges, can lead to points of failure due to their potential for misuse and unauthorized access. These functions, if compromised, can allow attackers to escalate privileges, leading to unauthorized control or access to sensitive data and functionalities. Insecure direct object references, where user inputs aren't properly validated, can exacerbate this risk, allowing attackers to manipulate the system. Ensuring robust access control and validation mechanisms is crucial to mitigate these vulnerabilities",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external {\n202:     _revertIfNotAdmin(); // <= FOUND\n203:     _setAdmin(_newAdmin);\n204:   }\n\n```\n",
          "loc": [
            "[202](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L202-L202)"
          ]
        },
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external {\n211:     _revertIfNotAdmin(); // <= FOUND\n212:     isRewardNotifier[_rewardNotifier] = _isEnabled;\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled);\n214:   }\n\n```\n",
          "loc": [
            "[211](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L211-L211)"
          ]
        },
        {
          "content": "```solidity\n110:   function setAdmin(address _newAdmin) external {\n111:     _revertIfNotAdmin(); // <= FOUND\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress();\n113:     emit AdminSet(admin, _newAdmin);\n114:     admin = _newAdmin;\n115:   }\n\n```\n",
          "loc": [
            "[111](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L111-L111)"
          ]
        },
        {
          "content": "```solidity\n119:   function setPayoutAmount(uint256 _newPayoutAmount) external {\n120:     _revertIfNotAdmin(); // <= FOUND\n121:     if (_newPayoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount();\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount);\n123:     payoutAmount = _newPayoutAmount;\n124:   }\n\n```\n",
          "loc": [
            "[120](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L120-L120)"
          ]
        },
        {
          "content": "```solidity\n131:   function enableFeeAmount(uint24 _fee, int24 _tickSpacing) external {\n132:     _revertIfNotAdmin(); // <= FOUND\n133:     FACTORY.enableFeeAmount(_fee, _tickSpacing);\n134:   }\n\n```\n",
          "loc": [
            "[132](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L132-L132)"
          ]
        },
        {
          "content": "```solidity\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0,\n145:     uint8 _feeProtocol1\n146:   ) external {\n147:     _revertIfNotAdmin(); // <= FOUND\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1);\n149:   }\n\n```\n",
          "loc": [
            "[147](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L147-L147)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Some if-statement can be converted to a ternary ",
      "description": "Improving code readability and compactness is an integral part of optimal programming practices. The use of ternary operators in place of if-else conditions is one such measure. Ternary operators allow us to write conditional statements in a more concise manner, thereby enhancing readability and simplicity. They follow the syntax `condition ? exprIfTrue : exprIfFalse`, which interprets as \"if the condition is true, evaluate to `exprIfTrue`, else evaluate to `exprIfFalse`\". By adopting this approach, we make our code more streamlined and intuitive, which could potentially aid in better understanding and maintenance of the codebase.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n579:     }\n\n```\n",
          "loc": [
            "[577](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L577-L578)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Multiple accesses of the same mapping/array key/index should be cached ",
      "description": "Caching repeated accesses to the same mapping or array key/index in smart contracts can lead to significant gas savings. In Solidity, each read operation from storage (like accessing a value in a mapping or array using a key or index) costs gas. By storing the accessed value in a local variable and reusing it within the function, you avoid multiple expensive storage read operations. This practice is particularly beneficial in loops or functions with multiple reads of the same data. Implementing this caching approach enhances efficiency and reduces transaction costs, which is crucial for optimizing smart contract performance and user experience on the blockchain.",
      "gasSavings": 168,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   {\n609:     _surrogate = surrogates[_delegatee]; // <= FOUND\n610: \n611:     if (address(_surrogate) == address(0)) {\n612:       _surrogate = new DelegationSurrogate(STAKE_TOKEN, _delegatee);\n613:       surrogates[_delegatee] = _surrogate; // <= FOUND\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate));\n615:     }\n616:   }\n\n```\n",
          "loc": [
            "[605](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L605-L613)"
          ]
        },
        {
          "content": "```solidity\n740:   function _claimReward(address _beneficiary) internal {\n741:     _checkpointGlobalReward();\n742:     _checkpointReward(_beneficiary);\n743: \n744:     uint256 _reward = unclaimedRewardCheckpoint[_beneficiary]; // <= FOUND\n745:     if (_reward == 0) return;\n746:     unclaimedRewardCheckpoint[_beneficiary] = 0; // <= FOUND\n747:     emit RewardClaimed(_beneficiary, _reward);\n748: \n749:     SafeERC20.safeTransfer(REWARD_TOKEN, _beneficiary, _reward);\n750:   }\n\n```\n",
          "loc": [
            "[740](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L740-L746)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Only emit event in setter function if the state variable was changed ",
      "description": "Emitting events in setter functions of smart contracts only when state variables change saves gas. This is because emitting events consumes gas, and unnecessary events, where no actual state change occurs, lead to wasteful consumption.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external { // <= FOUND\n211:     _revertIfNotAdmin();\n212:     isRewardNotifier[_rewardNotifier] = _isEnabled;\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled); // <= FOUND\n214:   }\n\n```\n",
          "loc": [
            "[210](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L210-L213)"
          ]
        },
        {
          "content": "```solidity\n771:   function _setAdmin(address _newAdmin) internal { // <= FOUND\n772:     _revertIfAddressZero(_newAdmin);\n773:     emit AdminSet(admin, _newAdmin); // <= FOUND\n774:     admin = _newAdmin;\n775:   }\n\n```\n",
          "loc": [
            "[771](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L771-L773)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "State variables used within a function more than once should be cached to save gas ",
      "description": "Cache such variables and perform operations on them, if operations include modifications to the state variable(s) then remember to equate the state variable to it's cached counterpart at the end",
      "gasSavings": 200,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n229:   function rewardPerTokenAccumulated() public view returns (uint256) { // <= FOUND\n230:     if (totalStaked == 0) return rewardPerTokenAccumulatedCheckpoint; // <= FOUND\n231: \n232:     return rewardPerTokenAccumulatedCheckpoint // <= FOUND\n233:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked; // <= FOUND\n234:   }\n\n```\n",
          "loc": [
            "[229](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L229-L233)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "It is standard for all external and public functions to be override from an interface ",
      "description": "This is to ensure the whole API is extracted in a interface",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external \n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external \n\n```\n",
          "loc": [
            "[210](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L210-L210)"
          ]
        },
        {
          "content": "```solidity\n256:   function stake(uint256 _amount, address _delegatee)\n257:     external\n258:     returns (DepositIdentifier _depositId)\n259:   \n\n```\n",
          "loc": [
            "[256](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L256-L256)"
          ]
        },
        {
          "content": "```solidity\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary)\n272:     external\n273:     returns (DepositIdentifier _depositId)\n274:   \n\n```\n",
          "loc": [
            "[271](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L271-L271)"
          ]
        },
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v,\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[292](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L292-L292)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[315](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L315-L315)"
          ]
        },
        {
          "content": "```solidity\n342:   function stakeMore(DepositIdentifier _depositId, uint256 _amount) external \n\n```\n",
          "loc": [
            "[342](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L342-L342)"
          ]
        },
        {
          "content": "```solidity\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId,\n362:     uint256 _amount,\n363:     uint256 _deadline,\n364:     uint8 _v,\n365:     bytes32 _r,\n366:     bytes32 _s\n367:   ) external \n\n```\n",
          "loc": [
            "[360](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L360-L360)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature\n387:   ) external \n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L382)"
          ]
        },
        {
          "content": "```solidity\n410:   function alterDelegatee(DepositIdentifier _depositId, address _newDelegatee) external \n\n```\n",
          "loc": [
            "[410](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L410-L410)"
          ]
        },
        {
          "content": "```solidity\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId,\n425:     address _newDelegatee,\n426:     address _depositor,\n427:     bytes memory _signature\n428:   ) external \n\n```\n",
          "loc": [
            "[423](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L423-L423)"
          ]
        },
        {
          "content": "```solidity\n453:   function alterBeneficiary(DepositIdentifier _depositId, address _newBeneficiary) external \n\n```\n",
          "loc": [
            "[453](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L453-L453)"
          ]
        },
        {
          "content": "```solidity\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId,\n468:     address _newBeneficiary,\n469:     address _depositor,\n470:     bytes memory _signature\n471:   ) external \n\n```\n",
          "loc": [
            "[466](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L466-L466)"
          ]
        },
        {
          "content": "```solidity\n499:   function withdraw(DepositIdentifier _depositId, uint256 _amount) external \n\n```\n",
          "loc": [
            "[499](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L499-L499)"
          ]
        },
        {
          "content": "```solidity\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId,\n514:     uint256 _amount,\n515:     address _depositor,\n516:     bytes memory _signature\n517:   ) external \n\n```\n",
          "loc": [
            "[512](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L512-L512)"
          ]
        },
        {
          "content": "```solidity\n536:   function claimReward() external \n\n```\n",
          "loc": [
            "[536](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L536-L536)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external \n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L544)"
          ]
        },
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external \n\n```\n",
          "loc": [
            "[570](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L570)"
          ]
        },
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external \n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n119:   function setPayoutAmount(uint256 _newPayoutAmount) external \n\n```\n",
          "loc": [
            "[119](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L119-L119)"
          ]
        },
        {
          "content": "```solidity\n131:   function enableFeeAmount(uint24 _fee, int24 _tickSpacing) external \n\n```\n",
          "loc": [
            "[131](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L131-L131)"
          ]
        },
        {
          "content": "```solidity\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0,\n145:     uint8 _feeProtocol1\n146:   ) external \n\n```\n",
          "loc": [
            "[142](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L142-L142)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) \n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L181)"
          ]
        },
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256) \n\n```\n",
          "loc": [
            "[220](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L220-L220)"
          ]
        },
        {
          "content": "```solidity\n229:   function rewardPerTokenAccumulated() public view returns (uint256) \n\n```\n",
          "loc": [
            "[229](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L229-L229)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) \n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Overly complicated arithmetic ",
      "description": "To maintain readability in code, particularly in Solidity which can involve complex mathematical operations, it is often recommended to limit the number of arithmetic operations to a maximum of 2-3 per line. Too many operations in a single line can make the code difficult to read and understand, increase the likelihood of mistakes, and complicate the process of debugging and reviewing the code. Consider splitting such operations over more than one line, take special care when dealing with division however. Try to limit the number of arithmetic operations to a maximum of 3 per line.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n232: \n233:     return rewardPerTokenAccumulatedCheckpoint\n234:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked; // <= FOUND\n\n```\n",
          "loc": [
            "[234](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L234-L234)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Some tokens may revert when zero value transfers are made ",
      "description": "Reason: In Solidity, ERC20 token transfers of value 0 can sometimes lead to unexpected issues. This is particularly relevant when dealing with fractional token amounts that round to 0 when less than 1 of the smallest unit is transferred, leading to an effective transfer of nothing while still consuming gas. Furthermore, some ERC20 token implementations may revert on attempts to transfer a value of 0. However, note that this issue doesn't generally apply to wrapper native tokens like WETH.\n\nResolution: It's advisable to include a condition before any transfer operation to bypass the transaction if the transfer amount is 0. This saves unnecessary gas expenditure and prevents potential function reverts. For handling fractions, ensure token decimals are appropriately assigned and contemplate setting a minimum transfer threshold to avoid rounding down to 0. When dealing with wrapped tokens like WETH, special consideration should be given to their unique characteristics.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal { // <= FOUND\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND\n625:   }\n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L624)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount); // <= FOUND\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L187)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider adding emergency-stop functionality ",
      "description": "In the event of a security breach or any unforeseen emergency, swiftly suspending all protocol operations becomes crucial. Having a mechanism in place to halt all functions collectively, instead of pausing individual contracts separately, substantially enhances the efficiency of mitigating ongoing attacks or vulnerabilities. This not only quickens the response time to potential threats but also reduces operational stress during these critical periods. Therefore, consider integrating a 'circuit breaker' or 'emergency stop' function into the smart contract system architecture. Such a feature would provide the capability to suspend the entire protocol instantly, which could prove invaluable during a time-sensitive crisis management situation.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces \n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner \n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate \n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Consider Using Solady's Gas Optimized Lib for Math",
      "description": "In instances where many similar mathematical operations are performed, consider using Solday's math lib to benefit from the gas saving it can introduce.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n232: \n233:     return rewardPerTokenAccumulatedCheckpoint\n234:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked; // <= FOUND\n\n```\n",
          "loc": [
            "[232](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L232-L234)"
          ]
        },
        {
          "content": "```solidity\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary]) // <= FOUND\n246:       ) / SCALE_FACTOR; // <= FOUND\n\n```\n",
          "loc": [
            "[242](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L242-L246)"
          ]
        },
        {
          "content": "```solidity\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[578](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L578-L578)"
          ]
        },
        {
          "content": "```solidity\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[581](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L581-L581)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "It is a waste of GAS to emit variable literals",
      "description": "Emitting variable literals (true, false, 'hello', 1 etc...) in events is inefficient, as it consumes extra gas without providing added value. These literals are fixed values that can be accessed or hardcoded elsewhere in the smart contract or application, making their inclusion in events redundant and an unnecessary drain on resources during transaction execution.",
      "gasSavings": 40,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[662](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L662-L662)"
          ]
        },
        {
          "content": "```solidity\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[663](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L663-L663)"
          ]
        },
        {
          "content": "```solidity\n105:     emit AdminSet(address(0), _admin); // <= FOUND\n\n```\n",
          "loc": [
            "[105](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L105-L105)"
          ]
        },
        {
          "content": "```solidity\n105:     emit PayoutAmountSet(0, _payoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[105](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L105-L105)"
          ]
        },
        {
          "content": "```solidity\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1); // <= FOUND\n\n```\n",
          "loc": [
            "[196](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L196-L196)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Return values not checked for approve()",
      "description": "The ERC-20 token standard does not dictate that the approve function must return a value. The function signature in the ERC-20 standard is function approve(address spender, uint tokens) public returns (bool success);. However, a well-implemented ERC-20 token contract will typically have approve return a boolean value indicating whether or not the operation was successful.\n\nIt's crucial to note that not all token contracts follow this practice. Some might not return a value, or they might return a value in a non-standard way. This inconsistency among token contracts is one reason why it's important to handle token interactions carefully in your smart contracts and to check the return value of approve when possible.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n\n```\n",
          "loc": [
            "[27](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L27-L27)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Contracts are vulnerable to fee-on-transfer accounting-related issues",
      "description": "The below-listed functions use `transferFrom()` to move funds from the sender to the recipient but fail to verify if the received token amount matches the transferred amount. This could pose an issue with fee-on-transfer tokens, where the post-transfer balance might be less than anticipated, leading to balance inconsistencies. There might be subsequent checks for a second transfer, but an attacker might exploit leftover funds (such as those accidentally sent by another user) to gain unjustified credit. A practical solution is to gauge the balance prior and post-transfer, and consider the differential as the transferred amount, instead of the predefined amount.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal {\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND\n625:   }\n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L624)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount); // <= FOUND\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L187)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "No limits when setting fees",
      "description": "When settings fees state variables, ensure there a require checks in place to prevent incorrect values from being set. This is particularly important when dealing with fee values as without checks fees can be set to 100%",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0,\n145:     uint8 _feeProtocol1\n146:   ) external {\n147:     _revertIfNotAdmin();\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1);\n149:   }\n\n```\n",
          "loc": [
            "[142](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L142-L142)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Loss of precision",
      "description": "Dividing by large numbers in Solidity can cause a loss of precision due to the language's inherent integer division behavior. Solidity does not support floating-point arithmetic, and as a result, division between integers yields an integer result, truncating any fractional part. When dividing by a large number, the resulting value may become significantly smaller, leading to a loss of precision, as the fractional part is discarded.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) { // <= FOUND\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary])\n246:       ) / SCALE_FACTOR;\n247:   }\n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Missing zero address check in constructor",
      "description": "In Solidity, constructors often take address parameters to initialize important components of a contract, such as owner or linked contracts. However, without a check, there's a risk that an address parameter could be mistakenly set to the zero address (0x0). This could occur due to a mistake or oversight during contract deployment. A zero address in a crucial role can cause serious issues, as it cannot perform actions like a normal address, and any funds sent to it are irretrievable. Therefore, it's crucial to include a zero address check in constructors to prevent such potential problems. If a zero address is detected, the constructor should revert the transaction.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin) // <= FOUND\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken;\n194:     STAKE_TOKEN = _stakeToken;\n195:     _setAdmin(_admin);\n196:   }\n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L190)"
          ]
        },
        {
          "content": "```solidity\n25:   constructor(IERC20Delegates _token, address _delegatee) { // <= FOUND\n26:     _token.delegate(_delegatee);\n27:     _token.approve(msg.sender, type(uint256).max);\n28:   }\n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L25-L25)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Approve type(uint256).max may not work with some tokens",
      "description": "The `approve` function in ERC-20 tokens allows a user to permit another user or contract to spend tokens on their behalf. Setting the approval to `type(uint256).max` is often used as a way to grant an indefinite approval, as this value is the maximum possible value of a `uint256` variable in Solidity. \n\nHowever, some tokens may not function as expected when `type(uint256).max` is used. These tokens may have an atypical implementation of the `transferFrom` function, which is used in combination with `approve`. This function might behave differently when confronted with such a high allowance, possibly due to custom logic in the contract that wasn't designed to handle these edge cases. \n\nMoreover, tokens that have a built-in burning or fees mechanism could behave unpredictably when the maximum allowance is set. This can lead to potential vulnerabilities or misinterpretations of contract behavior.\n\nResolution: It's advisable to be conservative with the `approve` function and only approve the specific amount of tokens that need to be spent for the specific operation you're performing. If you need to provide an extensive allowance, ensure you've thoroughly analyzed the token contract to understand how it behaves with high allowances. Alternatively, consider implementing a mechanism in your contract to handle token allowances in a more dynamic way, adjusting them as needed for each operation, rather than relying on a single indefinite approval.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n\n```\n",
          "loc": [
            "[27](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L27-L27)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Revert on Transfer to the Zero Address",
      "description": "Many ERC-20 and ERC-721 token contracts implement a safeguard that reverts transactions which attempt to transfer tokens to the zero address. This is because such transfers are often the result of programming errors. The OpenZeppelin library, a popular choice for implementing these standards, includes this safeguard. For token contract developers who want to avoid unintentional transfers to the zero address, it's good practice to include a condition that reverts the transaction if the recipient's address is the zero address. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal { // <= FOUND\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND\n625:   }\n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L624)"
          ]
        },
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount;\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount); // <= FOUND\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount);\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary);\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee);\n664:   }\n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L660)"
          ]
        },
        {
          "content": "```solidity\n669:   function _stakeMore(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n670:     internal\n671:   {\n672:     _checkpointGlobalReward();\n673:     _checkpointReward(deposit.beneficiary);\n674: \n675:     DelegationSurrogate _surrogate = surrogates[deposit.delegatee];\n676: \n677:     totalStaked += _amount;\n678:     depositorTotalStaked[deposit.owner] += _amount;\n679:     earningPower[deposit.beneficiary] += _amount;\n680:     deposit.balance += _amount;\n681:     _stakeTokenSafeTransferFrom(deposit.owner, address(_surrogate), _amount); // <= FOUND\n682:     emit StakeDeposited(deposit.owner, _depositId, _amount, deposit.balance);\n683:   }\n\n```\n",
          "loc": [
            "[669](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L669-L681)"
          ]
        },
        {
          "content": "```solidity\n688:   function _alterDelegatee(\n689:     Deposit storage deposit,\n690:     DepositIdentifier _depositId,\n691:     address _newDelegatee\n692:   ) internal {\n693:     _revertIfAddressZero(_newDelegatee);\n694:     DelegationSurrogate _oldSurrogate = surrogates[deposit.delegatee];\n695:     emit DelegateeAltered(_depositId, deposit.delegatee, _newDelegatee);\n696:     deposit.delegatee = _newDelegatee;\n697:     DelegationSurrogate _newSurrogate = _fetchOrDeploySurrogate(_newDelegatee);\n698:     _stakeTokenSafeTransferFrom(address(_oldSurrogate), address(_newSurrogate), deposit.balance); // <= FOUND\n699:   }\n\n```\n",
          "loc": [
            "[688](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L688-L698)"
          ]
        },
        {
          "content": "```solidity\n723:   function _withdraw(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n724:     internal\n725:   {\n726:     _checkpointGlobalReward();\n727:     _checkpointReward(deposit.beneficiary);\n728: \n729:     deposit.balance -= _amount; \n730:     totalStaked -= _amount;\n731:     depositorTotalStaked[deposit.owner] -= _amount;\n732:     earningPower[deposit.beneficiary] -= _amount;\n733:     _stakeTokenSafeTransferFrom(address(surrogates[deposit.delegatee]), deposit.owner, _amount); // <= FOUND\n734:     emit StakeWithdrawn(_depositId, _amount, deposit.balance);\n735:   }\n\n```\n",
          "loc": [
            "[723](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L723-L733)"
          ]
        },
        {
          "content": "```solidity\n740:   function _claimReward(address _beneficiary) internal {\n741:     _checkpointGlobalReward();\n742:     _checkpointReward(_beneficiary);\n743: \n744:     uint256 _reward = unclaimedRewardCheckpoint[_beneficiary];\n745:     if (_reward == 0) return;\n746:     unclaimedRewardCheckpoint[_beneficiary] = 0;\n747:     emit RewardClaimed(_beneficiary, _reward);\n748: \n749:     SafeERC20.safeTransfer(REWARD_TOKEN, _beneficiary, _reward); // <= FOUND\n750:   }\n\n```\n",
          "loc": [
            "[740](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L740-L749)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Consider implementing two-step procedure for updating protocol addresses",
      "description": "Implementing a two-step procedure for updating protocol addresses adds an extra layer of security. In such a system, the first step initiates the change, and the second step, after a predefined delay, confirms and finalizes it. This delay allows stakeholders or monitoring tools to observe and react to unintended or malicious changes. If an unauthorized change is detected, corrective actions can be taken before the change is finalized. To achieve this, introduce a \"proposed address\" state variable and a \"delay period\". Upon an update request, set the \"proposed address\". After the delay, if not contested, the main protocol address can be updated.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external { // <= FOUND\n202:     _revertIfNotAdmin();\n203:     _setAdmin(_newAdmin);\n204:   }\n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external { // <= FOUND\n211:     _revertIfNotAdmin();\n212:     isRewardNotifier[_rewardNotifier] = _isEnabled;\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled);\n214:   }\n\n```\n",
          "loc": [
            "[210](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L210-L210)"
          ]
        },
        {
          "content": "```solidity\n110:   function setAdmin(address _newAdmin) external { // <= FOUND\n111:     _revertIfNotAdmin();\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress();\n113:     emit AdminSet(admin, _newAdmin);\n114:     admin = _newAdmin;\n115:   }\n\n```\n",
          "loc": [
            "[110](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L110-L110)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Constructors missing validation",
      "description": "In Solidity, when values are being assigned in constructors to unsigned or integer variables, it's crucial to ensure the provided values adhere to the protocol's specific operational boundaries as laid out in the project specifications and documentation. If the constructors lack appropriate validation checks, there's a risk of setting state variables with values that could cause unexpected and potentially detrimental behavior within the contract's operations, violating the intended logic of the protocol. This can compromise the contract's security and impact the maintainability and reliability of the system. In order to avoid such issues, it is recommended to incorporate rigorous validation checks in constructors. These checks should align with the project's defined rules and constraints, making use of Solidity's built-in require function to enforce these conditions. If the validation checks fail, the require function will cause the transaction to revert, ensuring the integrity and adherence to the protocol's expected behavior.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken; // <= FOUND\n194:     STAKE_TOKEN = _stakeToken; // <= FOUND\n195:     _setAdmin(_admin);\n196:   }\n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L194)"
          ]
        },
        {
          "content": "```solidity\n88:   constructor(\n89:     address _admin,\n90:     IUniswapV3FactoryOwnerActions _factory,\n91:     IERC20 _payoutToken,\n92:     uint256 _payoutAmount,\n93:     INotifiableRewardReceiver _rewardReceiver\n94:   ) {\n95:     if (_admin == address(0)) revert V3FactoryOwner__InvalidAddress();\n96:     if (_payoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount();\n97: \n98:     admin = _admin;\n99:     FACTORY = _factory; // <= FOUND\n100:     PAYOUT_TOKEN = _payoutToken; // <= FOUND\n101:     payoutAmount = _payoutAmount;\n102:     REWARD_RECEIVER = _rewardReceiver; // <= FOUND\n103: \n104:     emit AdminSet(address(0), _admin);\n105:     emit PayoutAmountSet(0, _payoutAmount);\n106:   }\n\n```\n",
          "loc": [
            "[88](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L88-L102)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Contracts use infinite approvals with no means to revoke",
      "description": "Contracts that implement infinite approvals without providing a mechanism to revoke them can pose security risks. Infinite approvals allow a spender to withdraw an unlimited amount of tokens, potentially leading to abuse or exploitation if the spender's address is compromised. To mitigate this risk, it's advisable to include functions that allow users to set and modify allowances. Implementing a method to revoke or adjust these infinite approvals enhances user control and security. This approach ensures users can manage their token allowances effectively, reducing the likelihood of unauthorized token transfers and increasing overall trust in the contract's safety.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n20: contract DelegationSurrogate { // <= FOUND\n21:   \n25:   constructor(IERC20Delegates _token, address _delegatee) {\n26:     _token.delegate(_delegatee);\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n28:   }\n29: }\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L27)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Division in comparison",
      "description": "To ensure accuracy in comparisons within programming, especially when dealing with integers, it's often more efficient to use multiplication rather than division. This approach stems from the fact that division operations are generally slower and more complex than multiplication. And in the context of solidity they can cause precision errors.\n\nSuppose you want to compare if a/b is greater than c/d (where a, b, c, and d are integers). Instead of performing division, which is prone to precision errors, you can cross-multiply to avoid division. The comparison a/b > c/d is equivalent to a*d > b*c. This way, you only use multiplication, which is faster and avoids potential inaccuracies or complexities associated with division.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n587: \n588:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[587](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L587-L588)"
          ]
        }
      ]
    },
    {
      "severity": "Low",
      "title": "Use forceApprove in place of approve",
      "description": "The forceApprove function is a specialized solution addressing the issues that arise with non-standard ERC-20 tokens, such as USDT, which exhibit non-standard behavior in their approve function. These tokens may necessitate setting the allowance to 0 before changing it, may not return a boolean value from approve calls, or may return false instead of reverting on failure. OpenZeppelin's SafeERC20 library includes a forceApprove method to safely handle these peculiarities, ensuring that smart contracts can interact with such tokens without transaction failures. It rectifies inconsistencies by ensuring that all token interactions, including approvals, adhere to expected standards, even when the underlying tokens do not. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n\n```\n",
          "loc": [
            "[27](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L27-L27)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Large transfers may not work with some ERC20 tokens",
      "description": "Large transfers with some ERC20 tokens may not work due to various reasons. Some tokens may have transfer restrictions built into the contract, such as daily transfer limits or maximum transfer sizes per transaction, to comply with regulatory requirements or to mitigate risks. Others may face issues with rounding errors when dealing with large quantities, especially if they have a high number of decimal places. Resolution involves carefully reading the token's contract to understand its constraints and behaviors and performing transfers accordingly. It may also be necessary to split large transfers into smaller increments if the token enforces specific transfer limits.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal { // <= FOUND\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND\n625:   }\n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L624)"
          ]
        },
        {
          "content": "```solidity\n740:   function _claimReward(address _beneficiary) internal { // <= FOUND\n741:     _checkpointGlobalReward();\n742:     _checkpointReward(_beneficiary);\n743: \n744:     uint256 _reward = unclaimedRewardCheckpoint[_beneficiary];\n745:     if (_reward == 0) return;\n746:     unclaimedRewardCheckpoint[_beneficiary] = 0;\n747:     emit RewardClaimed(_beneficiary, _reward);\n748: \n749:     SafeERC20.safeTransfer(REWARD_TOKEN, _beneficiary, _reward);\n750:   }\n\n```\n",
          "loc": [
            "[740](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L740-L740)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount); // <= FOUND\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L187)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "NatSpec: @notice tags missing from contract/abstract/library/interface/function/modifier/constructor/receive/fallback",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   \n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L190)"
          ]
        },
        {
          "content": "```solidity\n88:   constructor(\n89:     address _admin,\n90:     IUniswapV3FactoryOwnerActions _factory,\n91:     IERC20 _payoutToken,\n92:     uint256 _payoutAmount,\n93:     INotifiableRewardReceiver _rewardReceiver\n94:   ) \n\n```\n",
          "loc": [
            "[88](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L88-L88)"
          ]
        },
        {
          "content": "```solidity\n25:   constructor(IERC20Delegates _token, address _delegatee) \n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L25-L25)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Natspec @author is missing from contract/interface/library",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n4: /// @notice A subset of the ERC20Votes-style governance token to which UNI conforms.\n5: /// Methods related to standard ERC20 functionality and to delegation are included.\n6: /// These methods are needed in the context of this system. Methods related to check pointing,\n7: /// past voting weights, and other functionality are omitted.\n8: interface IERC20Delegates {\n9:   // ERC20 related methods\n10:   function allowance(address account, address spender) external view returns (uint256);\n11:   function approve(address spender, uint256 rawAmount) external returns (bool);\n12:   function balanceOf(address account) external view returns (uint256);\n13:   function decimals() external view returns (uint8);\n14:   function symbol() external view returns (string memory);\n15:   function totalSupply() external view returns (uint256);\n16:   function transfer(address dst, uint256 rawAmount) external returns (bool);\n17:   function transferFrom(address src, address dst, uint256 rawAmount) external returns (bool);\n18:   function permit(\n19:     address owner,\n20:     address spender,\n21:     uint256 rawAmount,\n22:     uint256 deadline,\n23:     uint8 v,\n24:     bytes32 r,\n25:     bytes32 s\n26:   ) external;\n27: \n28:   // ERC20Votes delegation methods\n29:   function delegate(address delegatee) external;\n30:   function delegates(address) external view returns (address);\n31: }\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L4-L4)"
          ]
        },
        {
          "content": "```solidity\n4: /// @title The interface for the Uniswap V3 Factory\n5: /// @notice The Uniswap V3 Factory facilitates creation of Uniswap V3 pools and control over the\n6: /// protocol fees\n7: /// @dev Stripped down and renamed from:\n8: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/IUniswapV3Factory.sol\n9: interface IUniswapV3FactoryOwnerActions {\n10:   /// @notice Returns the current owner of the factory\n11:   /// @dev Can be changed by the current owner via setOwner\n12:   /// @return The address of the factory owner\n13:   function owner() external view returns (address);\n14: \n15:   /// @notice Updates the owner of the factory\n16:   /// @dev Must be called by the current owner\n17:   /// @param _owner The new owner of the factory\n18:   function setOwner(address _owner) external;\n19: \n20:   /// @notice Enables a fee amount with the given tickSpacing\n21:   /// @dev Fee amounts may never be removed once enabled\n22:   /// @param fee The fee amount to enable, denominated in hundredths of a bip (i.e. 1e-6)\n23:   /// @param tickSpacing The spacing between ticks to be enforced for all pools created with the\n24:   /// given fee amount\n25:   function enableFeeAmount(uint24 fee, int24 tickSpacing) external;\n26: \n27:   /// @notice Returns the tick spacing for a given fee amount, if enabled, or 0 if not enabled\n28:   /// @dev A fee amount can never be removed, so this value should be hard coded or cached in the\n29:   /// calling context\n30:   /// @param fee The enabled fee, denominated in hundredths of a bip. Returns 0 in case of unenabled\n31:   /// fee\n32:   /// @return The tick spacing\n33:   function feeAmountTickSpacing(uint24 fee) external view returns (int24);\n34: }\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L4-L4)"
          ]
        },
        {
          "content": "```solidity\n4: /// @title Permissioned pool actions\n5: /// @notice Contains pool methods that may only be called by the factory owner\n6: /// @dev Vendored from\n7: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/pool/IUniswapV3PoolOwnerActions.sol\n8: interface IUniswapV3PoolOwnerActions {\n9:   /// @notice Set the denominator of the protocol's % share of the fees\n10:   /// @param feeProtocol0 new protocol fee for token0 of the pool\n11:   /// @param feeProtocol1 new protocol fee for token1 of the pool\n12:   function setFeeProtocol(uint8 feeProtocol0, uint8 feeProtocol1) external;\n13: \n14:   /// @notice Collect the protocol fee accrued to the pool\n15:   /// @param recipient The address to which collected protocol fees should be sent\n16:   /// @param amount0Requested The maximum amount of token0 to send, can be 0 to collect fees in only\n17:   /// token1\n18:   /// @param amount1Requested The maximum amount of token1 to send, can be 0 to collect fees in only\n19:   /// token0\n20:   /// @return amount0 The protocol fee collected in token0\n21:   /// @return amount1 The protocol fee collected in token1\n22:   function collectProtocol(address recipient, uint128 amount0Requested, uint128 amount1Requested)\n23:     external\n24:     returns (uint128 amount0, uint128 amount1);\n25: }\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3PoolOwnerActions.sol#L4-L4)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Natspec @title is missing from contract/interface/library",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n8: interface IERC20Delegates \n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L8-L8)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "NatSpec: @dev tags missing from contract/abstract/library/interface/function/modifier/constructor/receive/fallback",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces \n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner \n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate \n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        },
        {
          "content": "```solidity\n8: interface IERC20Delegates \n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L8-L8)"
          ]
        },
        {
          "content": "```solidity\n10: interface INotifiableRewardReceiver \n\n```\n",
          "loc": [
            "[10](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/INotifiableRewardReceiver.sol#L10-L10)"
          ]
        },
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256) \n\n```\n",
          "loc": [
            "[220](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L220-L220)"
          ]
        },
        {
          "content": "```solidity\n229:   function rewardPerTokenAccumulated() public view returns (uint256) \n\n```\n",
          "loc": [
            "[229](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L229-L229)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) \n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature\n387:   ) external \n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L382)"
          ]
        },
        {
          "content": "```solidity\n536:   function claimReward() external \n\n```\n",
          "loc": [
            "[536](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L536-L536)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external \n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L544)"
          ]
        },
        {
          "content": "```solidity\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   \n\n```\n",
          "loc": [
            "[605](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L605-L605)"
          ]
        },
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal \n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L623)"
          ]
        },
        {
          "content": "```solidity\n630:   function _useDepositId() internal returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[630](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L630-L630)"
          ]
        },
        {
          "content": "```solidity\n753:   function _checkpointGlobalReward() internal \n\n```\n",
          "loc": [
            "[753](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L753-L753)"
          ]
        },
        {
          "content": "```solidity\n771:   function _setAdmin(address _newAdmin) internal \n\n```\n",
          "loc": [
            "[771](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L771-L771)"
          ]
        },
        {
          "content": "```solidity\n779:   function _revertIfNotAdmin() internal view \n\n```\n",
          "loc": [
            "[779](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L779-L779)"
          ]
        },
        {
          "content": "```solidity\n787:   function _revertIfNotDepositOwner(Deposit storage deposit, address owner) internal view \n\n```\n",
          "loc": [
            "[787](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L787-L787)"
          ]
        },
        {
          "content": "```solidity\n794:   function _revertIfAddressZero(address _account) internal pure \n\n```\n",
          "loc": [
            "[794](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L794-L794)"
          ]
        },
        {
          "content": "```solidity\n803:   function _revertIfSignatureIsNotValidNow(address _signer, bytes32 _hash, bytes memory _signature)\n804:     internal\n805:     view\n806:   \n\n```\n",
          "loc": [
            "[803](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L803-L803)"
          ]
        },
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external \n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n119:   function setPayoutAmount(uint256 _newPayoutAmount) external \n\n```\n",
          "loc": [
            "[119](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L119-L119)"
          ]
        },
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   \n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L190)"
          ]
        },
        {
          "content": "```solidity\n88:   constructor(\n89:     address _admin,\n90:     IUniswapV3FactoryOwnerActions _factory,\n91:     IERC20 _payoutToken,\n92:     uint256 _payoutAmount,\n93:     INotifiableRewardReceiver _rewardReceiver\n94:   ) \n\n```\n",
          "loc": [
            "[88](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L88-L88)"
          ]
        },
        {
          "content": "```solidity\n25:   constructor(IERC20Delegates _token, address _delegatee) \n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L25-L25)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "NatSpec: @param tags missing from function/modifier/constructor",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) \n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        },
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   \n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L638)"
          ]
        },
        {
          "content": "```solidity\n669:   function _stakeMore(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n670:     internal\n671:   \n\n```\n",
          "loc": [
            "[669](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L669-L669)"
          ]
        },
        {
          "content": "```solidity\n688:   function _alterDelegatee(\n689:     Deposit storage deposit,\n690:     DepositIdentifier _depositId,\n691:     address _newDelegatee\n692:   ) internal \n\n```\n",
          "loc": [
            "[688](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L688-L688)"
          ]
        },
        {
          "content": "```solidity\n704:   function _alterBeneficiary(\n705:     Deposit storage deposit,\n706:     DepositIdentifier _depositId,\n707:     address _newBeneficiary\n708:   ) internal \n\n```\n",
          "loc": [
            "[704](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L704-L704)"
          ]
        },
        {
          "content": "```solidity\n723:   function _withdraw(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n724:     internal\n725:   \n\n```\n",
          "loc": [
            "[723](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L723-L723)"
          ]
        },
        {
          "content": "```solidity\n740:   function _claimReward(address _beneficiary) internal \n\n```\n",
          "loc": [
            "[740](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L740-L740)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "NatSpec: @return tags missing from function/modifier/constructor",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   \n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L638)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Floating pragma should be avoided",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n2: pragma solidity ^0.8.23; // <= FOUND\n\n```\n",
          "loc": [
            "[2](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L2-L2)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Events regarding state variable changes should emit the previous state variable value",
      "description": "Modify such events to contain the previous value of the state variable as demonstrated in the example below",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n65: event RewardNotifierSet(address indexed account, bool isEnabled);\n\n```\n",
          "loc": [
            "[65](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L65-L65)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "In functions which accept an address as a parameter, there should be a zero address check to prevent bugs",
      "description": "In smart contract development, especially with Solidity, it's crucial to validate inputs to functions. When a function accepts an Ethereum address as a parameter, implementing a zero address check (i.e., ensuring the address is not `0x0`) is a best practice to prevent potential bugs and vulnerabilities. The zero address (`0x0`) is a default value and generally indicates an uninitialized or invalid state. Passing the zero address to certain functions can lead to unintended behaviors, like funds getting locked permanently or transactions failing silently. By checking for and rejecting the zero address, developers can ensure that the function operates as intended and interacts only with valid Ethereum addresses. This check enhances the contract's robustness and security.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external \n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external \n\n```\n",
          "loc": [
            "[210](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L210-L210)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) \n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        },
        {
          "content": "```solidity\n256:   function stake(uint256 _amount, address _delegatee)\n257:     external\n258:     returns (DepositIdentifier _depositId)\n259:   \n\n```\n",
          "loc": [
            "[256](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L256-L256)"
          ]
        },
        {
          "content": "```solidity\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary)\n272:     external\n273:     returns (DepositIdentifier _depositId)\n274:   \n\n```\n",
          "loc": [
            "[271](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L271-L271)"
          ]
        },
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v,\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[292](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L292-L292)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[315](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L315-L315)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature\n387:   ) external \n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L382)"
          ]
        },
        {
          "content": "```solidity\n410:   function alterDelegatee(DepositIdentifier _depositId, address _newDelegatee) external \n\n```\n",
          "loc": [
            "[410](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L410-L410)"
          ]
        },
        {
          "content": "```solidity\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId,\n425:     address _newDelegatee,\n426:     address _depositor,\n427:     bytes memory _signature\n428:   ) external \n\n```\n",
          "loc": [
            "[423](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L423-L423)"
          ]
        },
        {
          "content": "```solidity\n453:   function alterBeneficiary(DepositIdentifier _depositId, address _newBeneficiary) external \n\n```\n",
          "loc": [
            "[453](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L453-L453)"
          ]
        },
        {
          "content": "```solidity\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId,\n468:     address _newBeneficiary,\n469:     address _depositor,\n470:     bytes memory _signature\n471:   ) external \n\n```\n",
          "loc": [
            "[466](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L466-L466)"
          ]
        },
        {
          "content": "```solidity\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId,\n514:     uint256 _amount,\n515:     address _depositor,\n516:     bytes memory _signature\n517:   ) external \n\n```\n",
          "loc": [
            "[512](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L512-L512)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external \n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L544)"
          ]
        },
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal \n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L623)"
          ]
        },
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   \n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L638)"
          ]
        },
        {
          "content": "```solidity\n688:   function _alterDelegatee(\n689:     Deposit storage deposit,\n690:     DepositIdentifier _depositId,\n691:     address _newDelegatee\n692:   ) internal \n\n```\n",
          "loc": [
            "[688](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L688-L688)"
          ]
        },
        {
          "content": "```solidity\n704:   function _alterBeneficiary(\n705:     Deposit storage deposit,\n706:     DepositIdentifier _depositId,\n707:     address _newBeneficiary\n708:   ) internal \n\n```\n",
          "loc": [
            "[704](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L704-L704)"
          ]
        },
        {
          "content": "```solidity\n740:   function _claimReward(address _beneficiary) internal \n\n```\n",
          "loc": [
            "[740](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L740-L740)"
          ]
        },
        {
          "content": "```solidity\n764:   function _checkpointReward(address _beneficiary) internal \n\n```\n",
          "loc": [
            "[764](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L764-L764)"
          ]
        },
        {
          "content": "```solidity\n771:   function _setAdmin(address _newAdmin) internal \n\n```\n",
          "loc": [
            "[771](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L771-L771)"
          ]
        },
        {
          "content": "```solidity\n787:   function _revertIfNotDepositOwner(Deposit storage deposit, address owner) internal view \n\n```\n",
          "loc": [
            "[787](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L787-L787)"
          ]
        },
        {
          "content": "```solidity\n803:   function _revertIfSignatureIsNotValidNow(address _signer, bytes32 _hash, bytes memory _signature)\n804:     internal\n805:     view\n806:   \n\n```\n",
          "loc": [
            "[803](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L803-L803)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) \n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L181)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Revert statements within external and public functions can be used to perform DOS attacks",
      "description": "In Solidity, 'revert' statements are used to undo changes and throw an exception when certain conditions are not met. However, in public and external functions, improper use of `revert` can be exploited for Denial of Service (DoS) attacks. An attacker can intentionally trigger these 'revert' conditions, causing legitimate transactions to consistently fail. For example, if a function relies on specific conditions from user input or contract state, an attacker could manipulate these to continually force reverts, blocking the function's execution. Therefore, it's crucial to design contract logic to handle exceptions properly and avoid scenarios where `revert` can be predictably triggered by malicious actors. This includes careful input validation and considering alternative design patterns that are less susceptible to such abuses.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external {\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender); // <= FOUND\n572: \n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION;\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp);\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION;\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n588: \n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance(); // <= FOUND\n597: \n598:     emit RewardNotified(_amount, msg.sender);\n599:   }\n\n```\n",
          "loc": [
            "[571](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L571-L596)"
          ]
        },
        {
          "content": "```solidity\n110:   function setAdmin(address _newAdmin) external {\n111:     _revertIfNotAdmin();\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress(); // <= FOUND\n113:     emit AdminSet(admin, _newAdmin);\n114:     admin = _newAdmin;\n115:   }\n\n```\n",
          "loc": [
            "[112](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L112-L112)"
          ]
        },
        {
          "content": "```solidity\n119:   function setPayoutAmount(uint256 _newPayoutAmount) external {\n120:     _revertIfNotAdmin();\n121:     if (_newPayoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount);\n123:     payoutAmount = _newPayoutAmount;\n124:   }\n\n```\n",
          "loc": [
            "[121](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L121-L121)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount);\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected(); // <= FOUND\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[194](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L194-L194)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Private and internal state variables should have a preceding _ in their name unless they are constants",
      "description": "Add a preceding underscore to the state variable name, take care to refactor where there variables are read/wrote",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n137: DepositIdentifier private nextDepositId; // <= FOUND\n\n```\n",
          "loc": [
            "[137](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L137-L137)"
          ]
        },
        {
          "content": "```solidity\n32: type DepositIdentifier is uint256;\n\n```\n",
          "loc": [
            "[32](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L32-L32)"
          ]
        },
        {
          "content": "```solidity\n13: );\n\n```\n",
          "loc": [
            "[13](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L13-L13)"
          ]
        },
        {
          "content": "```solidity\n107: keccak256(\"StakeMore(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n\n```\n",
          "loc": [
            "[107](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L107-L107)"
          ]
        },
        {
          "content": "```solidity\n118: keccak256(\"Withdraw(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n\n```\n",
          "loc": [
            "[118](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L118-L118)"
          ]
        },
        {
          "content": "```solidity\n121: keccak256(\"ClaimReward(address beneficiary,uint256 nonce)\");\n\n```\n",
          "loc": [
            "[121](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L121-L121)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Contract lines should not be longer than 120 characters for readability",
      "description": "Consider spreading these lines over multiple lines to aid in readability and the support of VIM users everywhere.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n8: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/IUniswapV3Factory.sol // <= FOUND\n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L8-L8)"
          ]
        },
        {
          "content": "```solidity\n7: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/pool/IUniswapV3PoolOwnerActions.sol // <= FOUND\n\n```\n",
          "loc": [
            "[7](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3PoolOwnerActions.sol#L7-L7)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Not all event definitions are utilizing indexed variables.",
      "description": "Try to index as much as three variables in event declarations as this is more gas efficient when done on value type variables (uint, address etc) however not for bytes and string variables ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n36: event StakeDeposited( // <= FOUND\n37:     address owner, DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance\n38:   );\n\n```\n",
          "loc": [
            "[36](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L36-L36)"
          ]
        },
        {
          "content": "```solidity\n41: event StakeWithdrawn(DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance); // <= FOUND\n\n```\n",
          "loc": [
            "[41](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L41-L41)"
          ]
        },
        {
          "content": "```solidity\n44: event DelegateeAltered( // <= FOUND\n45:     DepositIdentifier indexed depositId, address oldDelegatee, address newDelegatee\n46:   );\n\n```\n",
          "loc": [
            "[44](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L44-L44)"
          ]
        },
        {
          "content": "```solidity\n56: event RewardClaimed(address indexed beneficiary, uint256 amount); // <= FOUND\n\n```\n",
          "loc": [
            "[56](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L56-L56)"
          ]
        },
        {
          "content": "```solidity\n59: event RewardNotified(uint256 amount, address notifier); // <= FOUND\n\n```\n",
          "loc": [
            "[59](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L59-L59)"
          ]
        },
        {
          "content": "```solidity\n65: event RewardNotifierSet(address indexed account, bool isEnabled); // <= FOUND\n\n```\n",
          "loc": [
            "[65](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L65-L65)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Dependence on external protocols",
      "description": "External protocols should be monitored as such dependencies may introduce vulnerabilities if a vulnerability is found /introduced in the external protocol",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n4: import {IUniswapV3PoolOwnerActions} from \"src/interfaces/IUniswapV3PoolOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L4-L4)"
          ]
        },
        {
          "content": "```solidity\n5: import {IUniswapV3FactoryOwnerActions} from \"src/interfaces/IUniswapV3FactoryOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L5-L5)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Function names should differ to make the code more readable",
      "description": "In Solidity, while function overriding allows for functions with the same name to coexist, it is advisable to avoid this practice to enhance code readability and maintainability. Having multiple functions with the same name, even with different parameters or in inherited contracts, can cause confusion and increase the likelihood of errors during development, testing, and debugging. Using distinct and descriptive function names not only clarifies the purpose and behavior of each function, but also helps prevent unintended function calls or incorrect overriding. By adopting a clear and consistent naming convention, developers can create more comprehensible and maintainable smart contracts.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n256:   function stake(uint256 _amount, address _delegatee) // <= FOUND\n257:     external\n258:     returns (DepositIdentifier _depositId)\n259:   \n\n```\n",
          "loc": [
            "[256](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L256-L256)"
          ]
        },
        {
          "content": "```solidity\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary) // <= FOUND\n272:     external\n273:     returns (DepositIdentifier _depositId)\n274:   \n\n```\n",
          "loc": [
            "[271](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L271-L271)"
          ]
        },
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external  // <= FOUND\n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external  // <= FOUND\n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n779:   function _revertIfNotAdmin() internal view  // <= FOUND\n\n```\n",
          "loc": [
            "[779](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L779-L779)"
          ]
        },
        {
          "content": "```solidity\n779:   function _revertIfNotAdmin() internal view  // <= FOUND\n\n```\n",
          "loc": [
            "[779](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L779-L779)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Functions within contracts are not ordered according to the solidity style guide",
      "description": "The following order should be used within contracts\n\nconstructor\n\nreceive function (if exists)\n\nfallback function (if exists)\n\nexternal\n\npublic\n\ninternal\n\nprivate\n\nRearrange the contract functions and contructors to fit this ordering",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Interface imports should be declared first",
      "description": "Amend the ordering of imports to import interfaces first followed by other imports",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n2: \n3: pragma solidity 0.8.23;\n4: \n5: import {DelegationSurrogate} from \"src/DelegationSurrogate.sol\"; // <= FOUND\n6: import {INotifiableRewardReceiver} from \"src/interfaces/INotifiableRewardReceiver.sol\"; // <= FOUND\n7: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\"; // <= FOUND\n8: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\"; // <= FOUND\n9: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\"; // <= FOUND\n10: import {Multicall} from \"openzeppelin/utils/Multicall.sol\"; // <= FOUND\n11: import {Nonces} from \"openzeppelin/utils/Nonces.sol\"; // <= FOUND\n12: import {SignatureChecker} from \"openzeppelin/utils/cryptography/SignatureChecker.sol\"; // <= FOUND\n13: import {EIP712} from \"openzeppelin/utils/cryptography/EIP712.sol\"; // <= FOUND\n14: \n32: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces {\n33:   type DepositIdentifier is uint256;\n34: \n37:   event StakeDeposited(\n38:     address owner, DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance\n39:   );\n40: \n42:   event StakeWithdrawn(DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance);\n43: \n45:   event DelegateeAltered(\n46:     DepositIdentifier indexed depositId, address oldDelegatee, address newDelegatee\n47:   );\n48: \n50:   event BeneficiaryAltered(\n51:     DepositIdentifier indexed depositId,\n52:     address indexed oldBeneficiary,\n53:     address indexed newBeneficiary\n54:   );\n55: \n57:   event RewardClaimed(address indexed beneficiary, uint256 amount);\n58: \n60:   event RewardNotified(uint256 amount, address notifier);\n61: \n63:   event AdminSet(address indexed oldAdmin, address indexed newAdmin);\n64: \n66:   event RewardNotifierSet(address indexed account, bool isEnabled);\n67: \n69:   event SurrogateDeployed(address indexed delegatee, address indexed surrogate);\n70: \n74:   error UniStaker__Unauthorized(bytes32 reason, address caller);\n75: \n77:   error UniStaker__InvalidRewardRate();\n78: \n82:   error UniStaker__InsufficientRewardBalance();\n83: \n85:   error UniStaker__InvalidAddress();\n86: \n88:   error UniStaker__InvalidSignature();\n89: \n95:   struct Deposit {\n96:     uint256 balance;\n97:     address owner;\n98:     address delegatee;\n99:     address beneficiary;\n100:   }\n101: \n103:   bytes32 public constant STAKE_TYPEHASH = keccak256(\n104:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L5-L13)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Multiple mappings can be replaced with a single struct mapping",
      "description": "Using a single struct mapping in place of multiple defined mappings in a Solidity contract can lead to improved code organization, better readability, and easier maintainability. By consolidating related data into a single struct, developers can create a more cohesive data structure that logically groups together relevant pieces of information, thus reducing redundancy and clutter. This approach simplifies the codebase, making it easier to understand, navigate, and modify. Additionally, it can result in more efficient gas usage when accessing or updating multiple related data points simultaneously. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces {\n32:   type DepositIdentifier is uint256;\n33: \n89:   bytes32 public constant STAKE_TYPEHASH = keccak256(\n90:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n91:   );\n92:   \n93:   bytes32 public constant STAKE_MORE_TYPEHASH =\n94:     keccak256(\"StakeMore(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n95:   \n96:   bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256(\n97:     \"AlterDelegatee(uint256 depositId,address newDelegatee,address depositor,uint256 nonce)\"\n98:   );\n99:   \n100:   bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256(\n101:     \"AlterBeneficiary(uint256 depositId,address newBeneficiary,address depositor,uint256 nonce)\"\n102:   );\n103:   \n104:   bytes32 public constant WITHDRAW_TYPEHASH =\n105:     keccak256(\"Withdraw(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n106:   \n107:   bytes32 public constant CLAIM_REWARD_TYPEHASH =\n108:     keccak256(\"ClaimReward(address beneficiary,uint256 nonce)\");\n109: \n111:   IERC20 public immutable REWARD_TOKEN;\n112: \n114:   IERC20Delegates public immutable STAKE_TOKEN;\n115: \n117:   uint256 public constant REWARD_DURATION = 30 days;\n118: \n121:   uint256 public constant SCALE_FACTOR = 1e36;\n122: \n124:   DepositIdentifier private nextDepositId;\n125: \n127:   address public admin;\n128: \n130:   uint256 public totalStaked;\n131: \n133:   mapping(address depositor => uint256 amount) public depositorTotalStaked; // <= FOUND\n134: \n136:   mapping(address beneficiary => uint256 amount) public earningPower; // <= FOUND\n137: \n139:   mapping(DepositIdentifier depositId => Deposit deposit) public deposits; // <= FOUND\n140: \n143:   mapping(address delegatee => DelegationSurrogate surrogate) public surrogates; // <= FOUND\n144: \n146:   uint256 public rewardEndTime;\n147: \n149:   uint256 public lastCheckpointTime;\n150: \n153:   uint256 public scaledRewardRate;\n154: \n156:   uint256 public rewardPerTokenAccumulatedCheckpoint;\n157: \n162:   mapping(address account => uint256) public beneficiaryRewardPerTokenCheckpoint; // <= FOUND\n163: \n169:   mapping(address account => uint256 amount) public unclaimedRewardCheckpoint; // <= FOUND\n170: \n172:   mapping(address rewardNotifier => bool) public isRewardNotifier; // <= FOUND\n173: \n448: }\n\n```\n",
          "loc": [
            "[133](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L133-L172)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use safePermit in place of permit",
      "description": " OpenZeppelin's SafePermit is designed to facilitate secure and seamless token approvals via off-chain signed messages, mitigating the risks associated with on-chain transactions. It follows the ERC-2612 standard, ensuring compatibility with various wallets and dApps, and aligning with established industry guidelines. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n301:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s); // <= FOUND\n\n```\n",
          "loc": [
            "[301](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L301-L301)"
          ]
        },
        {
          "content": "```solidity\n301: \n302:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s); // <= FOUND\n\n```\n",
          "loc": [
            "[301](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L301-L302)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider using named mappings",
      "description": "In Solidity version 0.8.18 and beyond mapping parameters can be named. This makes the purpose and function of a given mapping far clearer which in turn improves readability.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n185:   mapping(address rewardNotifier => bool) public isRewardNotifier; // <= FOUND\n\n```\n",
          "loc": [
            "[185](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L185-L185)"
          ]
        },
        {
          "content": "```solidity\n175:   mapping(address account => uint256) public beneficiaryRewardPerTokenCheckpoint; // <= FOUND\n\n```\n",
          "loc": [
            "[175](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L175-L175)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use a single contract or library for system wide constants",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces {\n32:   type DepositIdentifier is uint256;\n33: \n89:   bytes32 public constant STAKE_TYPEHASH = keccak256( // <= FOUND\n90:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n91:   );\n92:   \n93:   bytes32 public constant STAKE_MORE_TYPEHASH = // <= FOUND\n94:     keccak256(\"StakeMore(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n95:   \n96:   bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256( // <= FOUND\n97:     \"AlterDelegatee(uint256 depositId,address newDelegatee,address depositor,uint256 nonce)\"\n98:   );\n99:   \n100:   bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256( // <= FOUND\n101:     \"AlterBeneficiary(uint256 depositId,address newBeneficiary,address depositor,uint256 nonce)\"\n102:   );\n103:   \n104:   bytes32 public constant WITHDRAW_TYPEHASH = // <= FOUND\n105:     keccak256(\"Withdraw(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n106:   \n107:   bytes32 public constant CLAIM_REWARD_TYPEHASH = // <= FOUND\n108:     keccak256(\"ClaimReward(address beneficiary,uint256 nonce)\");\n109: \n111:   IERC20 public immutable REWARD_TOKEN;\n112: \n114:   IERC20Delegates public immutable STAKE_TOKEN;\n115: \n117:   uint256 public constant REWARD_DURATION = 30 days; // <= FOUND\n118: \n121:   uint256 public constant SCALE_FACTOR = 1e36; // <= FOUND\n122: \n124:   DepositIdentifier private nextDepositId;\n125: \n127:   address public admin;\n128: \n130:   uint256 public totalStaked;\n131: \n133:   mapping(address depositor => uint256 amount) public depositorTotalStaked;\n134: \n136:   mapping(address beneficiary => uint256 amount) public earningPower;\n137: \n139:   mapping(DepositIdentifier depositId => Deposit deposit) public deposits;\n140: \n143:   mapping(address delegatee => DelegationSurrogate surrogate) public surrogates;\n144: \n146:   uint256 public rewardEndTime;\n147: \n149:   uint256 public lastCheckpointTime;\n150: \n153:   uint256 public scaledRewardRate;\n154: \n156:   uint256 public rewardPerTokenAccumulatedCheckpoint;\n157: \n162:   mapping(address account => uint256) public beneficiaryRewardPerTokenCheckpoint;\n163: \n169:   mapping(address account => uint256 amount) public unclaimedRewardCheckpoint;\n170: \n172:   mapping(address rewardNotifier => bool) public isRewardNotifier;\n173: \n448: }\n\n```\n",
          "loc": [
            "[89](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L89-L121)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Off-by-one timestamp error",
      "description": "In Solidity, using `>=` or `<=` to compare against `block.timestamp` (alias `now`) may introduce off-by-one errors due to the fact that `block.timestamp` is only updated once per block and its value remains constant throughout the block's execution. If an operation happens at the exact second when `block.timestamp` changes, it could result in unexpected behavior. To avoid this, it's safer to use strict inequality operators (`>` or `<`). For instance, if a condition should only be met after a certain time, use `block.timestamp > time` rather than `block.timestamp >= time`. This way, potential off-by-one errors due to the exact timing of block mining are mitigated, leading to safer, more predictable contract behavior.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256) { // <= FOUND\n221:     if (rewardEndTime <= block.timestamp) return rewardEndTime;\n222:     else return block.timestamp;\n223:   }\n\n```\n",
          "loc": [
            "[220](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L220-L220)"
          ]
        },
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external { // <= FOUND\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender);\n572: \n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION;\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp);\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION;\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate();\n588: \n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance();\n597: \n598:     emit RewardNotified(_amount, msg.sender);\n599:   }\n\n```\n",
          "loc": [
            "[570](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L570)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "increase/decrease allowance should be used instead of approve/safeApprove",
      "description": "Using `approve()` in ERC20 tokens has a known race condition when resetting allowances, making it susceptible to double spending. Instead, the `increaseAllowance()` and `decreaseAllowance()` functions are introduced to safely adjust allowances without the need to first reset them to zero. They atomically change the allowance, avoiding potential vulnerabilities. Developers should transition from the deprecated `approve()` method to these newer functions to enhance security. By using `increaseAllowance()` or `decreaseAllowance()`, you can ensure that allowances are adjusted in a safer manner, mitigating possible attack vectors associated with the traditional `approve()` function.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n\n```\n",
          "loc": [
            "[27](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L27-L27)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use immutable not constant for keccak state variables",
      "description": "It's crucial to leverage the right features for the appropriate contexts in Solidity, despite the compiler's ability to correct common developer mistakes. Both `constant` and `immutable` variables have distinct uses. `Constant` variables are best suited for hard-coded, literal values within your contract, where the value doesn't need to be computed or modified. \n\nOn the other hand, `immutable` variables are ideal for situations where the value might be the result of an expression or received from a constructor. While both serve to define unchanging variables, they function differently and their proper utilization contributes to clearer, more efficient code. Remember, even if the compiler can correct certain mistakes, best practices dictate using the correct feature for the task at hand.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n102: bytes32 public constant STAKE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[102](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L102-L102)"
          ]
        },
        {
          "content": "```solidity\n109: bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[109](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L109-L109)"
          ]
        },
        {
          "content": "```solidity\n113: bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[113](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L113-L113)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Custom error has no error variables",
      "description": "In Solidity, the use of custom error messages provides a valuable method of conveying meaningful information about failures during execution. In the current implementation, the custom errors lack specifics, making it challenging to understand the root cause of a failure. It's advisable to incorporate parameters into your error messages to indicate which user action or specific value caused the exception. This not only enhances error transparency but also aids debugging and fosters a more robust and maintainable codebase. Providing such precise error context greatly helps developers identify and resolve issues faster.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n76: error UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[76](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L76-L76)"
          ]
        },
        {
          "content": "```solidity\n81: error UniStaker__InsufficientRewardBalance(); // <= FOUND\n\n```\n",
          "loc": [
            "[81](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L81-L81)"
          ]
        },
        {
          "content": "```solidity\n84: error UniStaker__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[84](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L84-L84)"
          ]
        },
        {
          "content": "```solidity\n87: error UniStaker__InvalidSignature(); // <= FOUND\n\n```\n",
          "loc": [
            "[87](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L87-L87)"
          ]
        },
        {
          "content": "```solidity\n54: error V3FactoryOwner__Unauthorized(); // <= FOUND\n\n```\n",
          "loc": [
            "[54](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L54-L54)"
          ]
        },
        {
          "content": "```solidity\n57: error V3FactoryOwner__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[57](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L57-L57)"
          ]
        },
        {
          "content": "```solidity\n60: error V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[60](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L60-L60)"
          ]
        },
        {
          "content": "```solidity\n63: error V3FactoryOwner__InsufficientFeesCollected(); // <= FOUND\n\n```\n",
          "loc": [
            "[63](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L63-L63)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Empty bytes check is missing",
      "description": "When developing smart contracts in Solidity, it's crucial to validate the inputs of your functions. This includes ensuring that the bytes parameters are not empty, especially when they represent crucial data such as addresses, identifiers, or raw data that the contract needs to process.\n\nMissing empty bytes checks can lead to unexpected behaviour in your contract. For instance, certain operations might fail, produce incorrect results, or consume unnecessary gas when performed with empty bytes. Moreover, missing input validation can potentially expose your contract to malicious activity, including exploitation of unhandled edge cases.\n\nTo mitigate these issues, always validate that bytes parameters are not empty when the logic of your contract requires it.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v,\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) {\n301:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n302:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary);\n303:   }\n\n```\n",
          "loc": [
            "[292](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L292-L292)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId) {\n322:     _revertIfSignatureIsNotValidNow(\n323:       _depositor,\n324:       _hashTypedDataV4(\n325:         keccak256(\n326:           abi.encode(\n327:             STAKE_TYPEHASH, _amount, _delegatee, _beneficiary, _depositor, _useNonce(_depositor)\n328:           )\n329:         )\n330:       ),\n331:       _signature\n332:     );\n333:     _depositId = _stake(_depositor, _amount, _delegatee, _beneficiary);\n334:   }\n\n```\n",
          "loc": [
            "[315](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L315-L315)"
          ]
        },
        {
          "content": "```solidity\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId,\n362:     uint256 _amount,\n363:     uint256 _deadline,\n364:     uint8 _v,\n365:     bytes32 _r,\n366:     bytes32 _s\n367:   ) external {\n368:     Deposit storage deposit = deposits[_depositId];\n369:     _revertIfNotDepositOwner(deposit, msg.sender);\n370: \n371:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n372:     _stakeMore(deposit, _depositId, _amount);\n373:   }\n\n```\n",
          "loc": [
            "[360](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L360-L360)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature\n387:   ) external {\n388:     Deposit storage deposit = deposits[_depositId];\n389:     _revertIfNotDepositOwner(deposit, _depositor);\n390: \n391:     _revertIfSignatureIsNotValidNow(\n392:       _depositor,\n393:       _hashTypedDataV4(\n394:         keccak256(\n395:           abi.encode(STAKE_MORE_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n396:         )\n397:       ),\n398:       _signature\n399:     );\n400: \n401:     _stakeMore(deposit, _depositId, _amount);\n402:   }\n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L382)"
          ]
        },
        {
          "content": "```solidity\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId,\n425:     address _newDelegatee,\n426:     address _depositor,\n427:     bytes memory _signature\n428:   ) external {\n429:     Deposit storage deposit = deposits[_depositId];\n430:     _revertIfNotDepositOwner(deposit, _depositor);\n431: \n432:     _revertIfSignatureIsNotValidNow(\n433:       _depositor,\n434:       _hashTypedDataV4(\n435:         keccak256(\n436:           abi.encode(\n437:             ALTER_DELEGATEE_TYPEHASH, _depositId, _newDelegatee, _depositor, _useNonce(_depositor)\n438:           )\n439:         )\n440:       ),\n441:       _signature\n442:     );\n443: \n444:     _alterDelegatee(deposit, _depositId, _newDelegatee);\n445:   }\n\n```\n",
          "loc": [
            "[423](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L423-L423)"
          ]
        },
        {
          "content": "```solidity\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId,\n468:     address _newBeneficiary,\n469:     address _depositor,\n470:     bytes memory _signature\n471:   ) external {\n472:     Deposit storage deposit = deposits[_depositId];\n473:     _revertIfNotDepositOwner(deposit, _depositor);\n474: \n475:     _revertIfSignatureIsNotValidNow(\n476:       _depositor,\n477:       _hashTypedDataV4(\n478:         keccak256(\n479:           abi.encode(\n480:             ALTER_BENEFICIARY_TYPEHASH,\n481:             _depositId,\n482:             _newBeneficiary,\n483:             _depositor,\n484:             _useNonce(_depositor)\n485:           )\n486:         )\n487:       ),\n488:       _signature\n489:     );\n490: \n491:     _alterBeneficiary(deposit, _depositId, _newBeneficiary);\n492:   }\n\n```\n",
          "loc": [
            "[466](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L466-L466)"
          ]
        },
        {
          "content": "```solidity\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId,\n514:     uint256 _amount,\n515:     address _depositor,\n516:     bytes memory _signature\n517:   ) external {\n518:     Deposit storage deposit = deposits[_depositId];\n519:     _revertIfNotDepositOwner(deposit, _depositor);\n520: \n521:     _revertIfSignatureIsNotValidNow(\n522:       _depositor,\n523:       _hashTypedDataV4(\n524:         keccak256(\n525:           abi.encode(WITHDRAW_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n526:         )\n527:       ),\n528:       _signature\n529:     );\n530: \n531:     _withdraw(deposit, _depositId, _amount);\n532:   }\n\n```\n",
          "loc": [
            "[512](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L512-L512)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external {\n545:     _revertIfSignatureIsNotValidNow(\n546:       _beneficiary,\n547:       _hashTypedDataV4(\n548:         keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _beneficiary, _useNonce(_beneficiary)))\n549:       ),\n550:       _signature\n551:     );\n552:     _claimReward(_beneficiary);\n553:   }\n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L544)"
          ]
        },
        {
          "content": "```solidity\n803:   function _revertIfSignatureIsNotValidNow(address _signer, bytes32 _hash, bytes memory _signature)\n804:     internal\n805:     view\n806:   {\n807:     bool _isValid = SignatureChecker.isValidSignatureNow(_signer, _hash, _signature);\n808:     if (!_isValid) revert UniStaker__InvalidSignature();\n809:   }\n\n```\n",
          "loc": [
            "[803](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L803-L803)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider using SMTChecker",
      "description": "The SMTChecker is a valuable tool for Solidity developers as it helps detect potential vulnerabilities and logical errors in the contract's code. By utilizing Satisfiability Modulo Theories (SMT) solvers, it can reason about the potential states a contract can be in, and therefore, identify conditions that could lead to undesirable behavior. This automatic formal verification can catch issues that might otherwise be missed in manual code reviews or standard testing, enhancing the overall contract's security and reliability.",
      "gasSavings": 1750,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: GPL-2.0-or-later\n2: pragma solidity ^0.8.23;\n3: \n4: /// @title The interface for the Uniswap V3 Factory\n5: /// @notice The Uniswap V3 Factory facilitates creation of Uniswap V3 pools and control over the\n6: /// protocol fees\n7: /// @dev Stripped down and renamed from:\n8: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/IUniswapV3Factory.sol\n9: interface IUniswapV3FactoryOwnerActions {\n10:   /// @notice Returns the current owner of the factory\n11:   /// @dev Can be changed by the current owner via setOwner\n12:   /// @return The address of the factory owner\n13:   function owner() external view returns (address);\n14: \n15:   /// @notice Updates the owner of the factory\n16:   /// @dev Must be called by the current owner\n17:   /// @param _owner The new owner of the factory\n18:   function setOwner(address _owner) external;\n19: \n20:   /// @notice Enables a fee amount with the given tickSpacing\n21:   /// @dev Fee amounts may never be removed once enabled\n22:   /// @param fee The fee amount to enable, denominated in hundredths of a bip (i.e. 1e-6)\n23:   /// @param tickSpacing The spacing between ticks to be enforced for all pools created with the\n24:   /// given fee amount\n25:   function enableFeeAmount(uint24 fee, int24 tickSpacing) external;\n26: \n27:   /// @notice Returns the tick spacing for a given fee amount, if enabled, or 0 if not enabled\n28:   /// @dev A fee amount can never be removed, so this value should be hard coded or cached in the\n29:   /// calling context\n30:   /// @param fee The enabled fee, denominated in hundredths of a bip. Returns 0 in case of unenabled\n31:   /// fee\n32:   /// @return The tick spacing\n33:   function feeAmountTickSpacing(uint24 fee) external view returns (int24);\n34: }\n35: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: AGPL-3.0-only\n2: pragma solidity ^0.8.23;\n3: \n4: /// @title INotifiableRewardReceiver\n5: /// @author ScopeLift\n6: /// @notice The communication interface between the V3FactoryOwner contract and the UniStaker\n7: /// contract. In particular, the V3FactoryOwner only needs to know the latter implements the\n8: /// specified method in order to forward payouts to the UniStaker contract. The UniStaker contract\n9: /// receives the rewards and abstracts the distribution mechanics\n10: interface INotifiableRewardReceiver {\n11:   /// @notice Method called to notify a reward receiver it has received a reward.\n12:   /// @param _amount The amount of reward.\n13:   function notifyRewardAmount(uint256 _amount) external;\n14: }\n15: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/INotifiableRewardReceiver.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: AGPL-3.0-only\n2: pragma solidity 0.8.23;\n3: \n4: import {DelegationSurrogate} from \"src/DelegationSurrogate.sol\";\n5: import {INotifiableRewardReceiver} from \"src/interfaces/INotifiableRewardReceiver.sol\";\n6: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\";\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\";\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\";\n9: import {Multicall} from \"openzeppelin/utils/Multicall.sol\";\n10: import {Nonces} from \"openzeppelin/utils/Nonces.sol\";\n11: import {SignatureChecker} from \"openzeppelin/utils/cryptography/SignatureChecker.sol\";\n12: import {EIP712} from \"openzeppelin/utils/cryptography/EIP712.sol\";\n13: \n14: /// @title UniStaker\n15: /// @author ScopeLift\n16: /// @notice This contract manages the distribution of rewards to stakers. Rewards are denominated\n17: /// in an ERC20 token and sent to the contract by authorized reward notifiers. To stake means to\n18: /// deposit a designated, delegable ERC20 governance token and leave it over a period of time.\n19: /// The contract allows stakers to delegate the voting power of the tokens they stake to any\n20: /// governance delegatee on a per deposit basis. The contract also allows stakers to designate the\n21: /// beneficiary address that earns rewards for the associated deposit.\n22: ///\n23: /// The staking mechanism of this contract is directly inspired by the Synthetix StakingRewards.sol\n24: /// implementation. The core mechanic involves the streaming of rewards over a designated period\n25: /// of time. Each staker earns rewards proportional to their share of the total stake, and each\n26: /// staker earns only while their tokens are staked. Stakers may add or withdraw their stake at any\n27: /// point. Beneficiaries can claim the rewards they've earned at any point. When a new reward is\n28: /// received, the reward duration restarts, and the rate at which rewards are streamed is updated\n29: /// to include the newly received rewards along with any remaining rewards that have finished\n30: /// streaming since the last time a reward was received.\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces {\n32:   type DepositIdentifier is uint256;\n33: \n34:   /// @notice Emitted when stake is deposited by a depositor, either to a new deposit or one that\n35:   /// already exists.\n36:   event StakeDeposited(\n37:     address owner, DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance\n38:   );\n39: \n40:   /// @notice Emitted when a depositor withdraws some portion of stake from a given deposit.\n41:   event StakeWithdrawn(DepositIdentifier indexed depositId, uint256 amount, uint256 depositBalance);\n42: \n43:   /// @notice Emitted when a deposit's delegatee is changed.\n44:   event DelegateeAltered(\n45:     DepositIdentifier indexed depositId, address oldDelegatee, address newDelegatee\n46:   );\n47: \n48:   /// @notice Emitted when a deposit's beneficiary is changed.\n49:   event BeneficiaryAltered(\n50:     DepositIdentifier indexed depositId,\n51:     address indexed oldBeneficiary,\n52:     address indexed newBeneficiary\n53:   );\n54: \n55:   /// @notice Emitted when a beneficiary claims their earned reward.\n56:   event RewardClaimed(address indexed beneficiary, uint256 amount);\n57: \n58:   /// @notice Emitted when this contract is notified of a new reward.\n59:   event RewardNotified(uint256 amount, address notifier);\n60: \n61:   /// @notice Emitted when the admin address is set.\n62:   event AdminSet(address indexed oldAdmin, address indexed newAdmin);\n63: \n64:   /// @notice Emitted when a reward notifier address is enabled or disabled.\n65:   event RewardNotifierSet(address indexed account, bool isEnabled);\n66: \n67:   /// @notice Emitted when a surrogate contract is deployed.\n68:   event SurrogateDeployed(address indexed delegatee, address indexed surrogate);\n69: \n70:   /// @notice Thrown when an account attempts a call for which it lacks appropriate permission.\n71:   /// @param reason Human readable code explaining why the call is unauthorized.\n72:   /// @param caller The address that attempted the unauthorized call.\n73:   error UniStaker__Unauthorized(bytes32 reason, address caller);\n74: \n75:   /// @notice Thrown if the new rate after a reward notification would be zero.\n76:   error UniStaker__InvalidRewardRate();\n77: \n78:   /// @notice Thrown if the following invariant is broken after a new reward: the contract should\n79:   /// always have a reward balance sufficient to distribute at the reward rate across the reward\n80:   /// duration.\n81:   error UniStaker__InsufficientRewardBalance();\n82: \n83:   /// @notice Thrown if a caller attempts to specify address zero for certain designated addresses.\n84:   error UniStaker__InvalidAddress();\n85: \n86:   /// @notice Thrown if a caller supplies an invalid signature to a method that requires one.\n87:   error UniStaker__InvalidSignature();\n88: \n89:   /// @notice Metadata associated with a discrete staking deposit.\n90:   /// @param balance The deposit's staked balance.\n91:   /// @param owner The owner of this deposit.\n92:   /// @param delegatee The governance delegate who receives the voting weight for this deposit.\n93:   /// @param beneficiary The address that accrues staking rewards earned by this deposit.\n94:   struct Deposit {\n95:     uint256 balance;\n96:     address owner;\n97:     address delegatee;\n98:     address beneficiary;\n99:   }\n100: \n101:   /// @notice Type hash used when encoding data for `stakeOnBehalf` calls.\n102:   bytes32 public constant STAKE_TYPEHASH = keccak256(\n103:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n104:   );\n105:   /// @notice Type hash used when encoding data for `stakeMoreOnBehalf` calls.\n106:   bytes32 public constant STAKE_MORE_TYPEHASH =\n107:     keccak256(\"StakeMore(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n108:   /// @notice Type hash used when encoding data for `alterDelegateeOnBehalf` calls.\n109:   bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256(\n110:     \"AlterDelegatee(uint256 depositId,address newDelegatee,address depositor,uint256 nonce)\"\n111:   );\n112:   /// @notice Type hash used when encoding data for `alterBeneficiaryOnBehalf` calls.\n113:   bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256(\n114:     \"AlterBeneficiary(uint256 depositId,address newBeneficiary,address depositor,uint256 nonce)\"\n115:   );\n116:   /// @notice Type hash used when encoding data for `withdrawOnBehalf` calls.\n117:   bytes32 public constant WITHDRAW_TYPEHASH =\n118:     keccak256(\"Withdraw(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n119:   /// @notice Type hash used when encoding data for `claimRewardOnBehalf` calls.\n120:   bytes32 public constant CLAIM_REWARD_TYPEHASH =\n121:     keccak256(\"ClaimReward(address beneficiary,uint256 nonce)\");\n122: \n123:   /// @notice ERC20 token in which rewards are denominated and distributed.\n124:   IERC20 public immutable REWARD_TOKEN;\n125: \n126:   /// @notice Delegable governance token which users stake to earn rewards.\n127:   IERC20Delegates public immutable STAKE_TOKEN;\n128: \n129:   /// @notice Length of time over which rewards sent to this contract are distributed to stakers.\n130:   uint256 public constant REWARD_DURATION = 30 days;\n131: \n132:   /// @notice Scale factor used in reward calculation math to reduce rounding errors caused by\n133:   /// truncation during division.\n134:   uint256 public constant SCALE_FACTOR = 1e36;\n135: \n136:   /// @dev Unique identifier that will be used for the next deposit.\n137:   DepositIdentifier private nextDepositId;\n138: \n139:   /// @notice Permissioned actor that can enable/disable `rewardNotifier` addresses.\n140:   address public admin;\n141: \n142:   /// @notice Global amount currently staked across all deposits.\n143:   uint256 public totalStaked;\n144: \n145:   /// @notice Tracks the total staked by a depositor across all unique deposits.\n146:   mapping(address depositor => uint256 amount) public depositorTotalStaked;\n147: \n148:   /// @notice Tracks the total stake actively earning rewards for a given beneficiary account.\n149:   mapping(address beneficiary => uint256 amount) public earningPower;\n150: \n151:   /// @notice Stores the metadata associated with a given deposit.\n152:   mapping(DepositIdentifier depositId => Deposit deposit) public deposits;\n153: \n154:   /// @notice Maps the account of each governance delegate with the surrogate contract which holds\n155:   /// the staked tokens from deposits which assign voting weight to said delegate.\n156:   mapping(address delegatee => DelegationSurrogate surrogate) public surrogates;\n157: \n158:   /// @notice Time at which rewards distribution will complete if there are no new rewards.\n159:   uint256 public rewardEndTime;\n160: \n161:   /// @notice Last time at which the global rewards accumulator was updated.\n162:   uint256 public lastCheckpointTime;\n163: \n164:   /// @notice Global rate at which rewards are currently being distributed to stakers,\n165:   /// denominated in scaled reward tokens per second, using the SCALE_FACTOR.\n166:   uint256 public scaledRewardRate;\n167: \n168:   /// @notice Checkpoint value of the global reward per token accumulator.\n169:   uint256 public rewardPerTokenAccumulatedCheckpoint;\n170: \n171:   /// @notice Checkpoint of the reward per token accumulator on a per account basis. It represents\n172:   /// the value of the global accumulator at the last time a given beneficiary's rewards were\n173:   /// calculated and stored. The difference between the global value and this value can be\n174:   /// used to calculate the interim rewards earned by given account.\n175:   mapping(address account => uint256) public beneficiaryRewardPerTokenCheckpoint;\n176: \n177:   /// @notice Checkpoint of the unclaimed rewards earned by a given beneficiary. This value is\n178:   /// stored any time an action is taken that specifically impacts the rate at which rewards are\n179:   /// earned by a given beneficiary account. Total unclaimed rewards for an account are thus this\n180:   /// value plus all rewards earned after this checkpoint was taken. This value is reset to zero\n181:   /// when a beneficiary account claims their earned rewards.\n182:   mapping(address account => uint256 amount) public unclaimedRewardCheckpoint;\n183: \n184:   /// @notice Maps addresses to whether they are authorized to call `notifyRewardAmount`.\n185:   mapping(address rewardNotifier => bool) public isRewardNotifier;\n186: \n187:   /// @param _rewardToken ERC20 token in which rewards will be denominated.\n188:   /// @param _stakeToken Delegable governance token which users will stake to earn rewards.\n189:   /// @param _admin Address which will have permission to manage rewardNotifiers.\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken;\n194:     STAKE_TOKEN = _stakeToken;\n195:     _setAdmin(_admin);\n196:   }\n197: \n198:   /// @notice Set the admin address.\n199:   /// @param _newAdmin Address of the new admin.\n200:   /// @dev Caller must be the current admin.\n201:   function setAdmin(address _newAdmin) external {\n202:     _revertIfNotAdmin();\n203:     _setAdmin(_newAdmin);\n204:   }\n205: \n206:   /// @notice Enables or disables a reward notifier address.\n207:   /// @param _rewardNotifier Address of the reward notifier.\n208:   /// @param _isEnabled `true` to enable the `_rewardNotifier`, or `false` to disable.\n209:   /// @dev Caller must be the current admin.\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external {\n211:     _revertIfNotAdmin();\n212:     isRewardNotifier[_rewardNotifier] = _isEnabled;\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled);\n214:   }\n215: \n216:   /// @notice Timestamp representing the last time at which rewards have been distributed, which is\n217:   /// either the current timestamp (because rewards are still actively being streamed) or the time\n218:   /// at which the reward duration ended (because all rewards to date have already been streamed).\n219:   /// @return Timestamp representing the last time at which rewards have been distributed.\n220:   function lastTimeRewardDistributed() public view returns (uint256) {\n221:     if (rewardEndTime <= block.timestamp) return rewardEndTime;\n222:     else return block.timestamp;\n223:   }\n224: \n225:   /// @notice Live value of the global reward per token accumulator. It is the sum of the last\n226:   /// checkpoint value with the live calculation of the value that has accumulated in the interim.\n227:   /// This number should monotonically increase over time as more rewards are distributed.\n228:   /// @return Live value of the global reward per token accumulator.\n229:   function rewardPerTokenAccumulated() public view returns (uint256) {\n230:     if (totalStaked == 0) return rewardPerTokenAccumulatedCheckpoint;\n231: \n232:     return rewardPerTokenAccumulatedCheckpoint\n233:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked;\n234:   }\n235: \n236:   /// @notice Live value of the unclaimed rewards earned by a given beneficiary account. It is the\n237:   /// sum of the last checkpoint value of their unclaimed rewards with the live calculation of the\n238:   /// rewards that have accumulated for this account in the interim. This value can only increase,\n239:   /// until it is reset to zero once the beneficiary account claims their unearned rewards.\n240:   /// @return Live value of the unclaimed rewards earned by a given beneficiary account.\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) {\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary])\n246:       ) / SCALE_FACTOR;\n247:   }\n248: \n249:   /// @notice Stake tokens to a new deposit. The caller must pre-approve the staking contract to\n250:   /// spend at least the would-be staked amount of the token.\n251:   /// @param _amount The amount of the staking token to stake.\n252:   /// @param _delegatee The address to assign the governance voting weight of the staked tokens.\n253:   /// @return _depositId The unique identifier for this deposit.\n254:   /// @dev The delegatee may not be the zero address. The deposit will be owned by the message\n255:   /// sender, and the beneficiary will also be the message sender.\n256:   function stake(uint256 _amount, address _delegatee)\n257:     external\n258:     returns (DepositIdentifier _depositId)\n259:   {\n260:     _depositId = _stake(msg.sender, _amount, _delegatee, msg.sender);\n261:   }\n262: \n263:   /// @notice Method to stake tokens to a new deposit. The caller must pre-approve the staking\n264:   /// contract to spend at least the would-be staked amount of the token.\n265:   /// @param _amount Quantity of the staking token to stake.\n266:   /// @param _delegatee Address to assign the governance voting weight of the staked tokens.\n267:   /// @param _beneficiary Address that will accrue rewards for this stake.\n268:   /// @return _depositId Unique identifier for this deposit.\n269:   /// @dev Neither the delegatee nor the beneficiary may be the zero address. The deposit will be\n270:   /// owned by the message sender.\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary)\n272:     external\n273:     returns (DepositIdentifier _depositId)\n274:   {\n275:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary);\n276:   }\n277: \n278:   /// @notice Method to stake tokens to a new deposit. The caller must approve the staking\n279:   /// contract to spend at least the would-be staked amount of the token via a signature which is\n280:   /// is also provided, and is passed to the token contract's permit method before the staking\n281:   /// operation occurs.\n282:   /// @param _amount Quantity of the staking token to stake.\n283:   /// @param _delegatee Address to assign the governance voting weight of the staked tokens.\n284:   /// @param _beneficiary Address that will accrue rewards for this stake.\n285:   /// @param _deadline The timestamp at which the permit signature should expire.\n286:   /// @param _v ECDSA signature component: Parity of the `y` coordinate of point `R`\n287:   /// @param _r ECDSA signature component: x-coordinate of `R`\n288:   /// @param _s ECDSA signature component: `s` value of the signature\n289:   /// @return _depositId Unique identifier for this deposit.\n290:   /// @dev Neither the delegatee nor the beneficiary may be the zero address. The deposit will be\n291:   /// owned by the message sender.\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v,\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) {\n301:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n302:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary);\n303:   }\n304: \n305:   /// @notice Stake tokens to a new deposit on behalf of a user, using a signature to validate the\n306:   /// user's intent. The caller must pre-approve the staking contract to spend at least the\n307:   /// would-be staked amount of the token.\n308:   /// @param _amount Quantity of the staking token to stake.\n309:   /// @param _delegatee Address to assign the governance voting weight of the staked tokens.\n310:   /// @param _beneficiary Address that will accrue rewards for this stake.\n311:   /// @param _depositor Address of the user on whose behalf this stake is being made.\n312:   /// @param _signature Signature of the user authorizing this stake.\n313:   /// @return _depositId Unique identifier for this deposit.\n314:   /// @dev Neither the delegatee nor the beneficiary may be the zero address.\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId) {\n322:     _revertIfSignatureIsNotValidNow(\n323:       _depositor,\n324:       _hashTypedDataV4(\n325:         keccak256(\n326:           abi.encode(\n327:             STAKE_TYPEHASH, _amount, _delegatee, _beneficiary, _depositor, _useNonce(_depositor)\n328:           )\n329:         )\n330:       ),\n331:       _signature\n332:     );\n333:     _depositId = _stake(_depositor, _amount, _delegatee, _beneficiary);\n334:   }\n335: \n336:   /// @notice Add more staking tokens to an existing deposit. A staker should call this method when\n337:   /// they have an existing deposit, and wish to stake more while retaining the same delegatee and\n338:   /// beneficiary.\n339:   /// @param _depositId Unique identifier of the deposit to which stake will be added.\n340:   /// @param _amount Quantity of stake to be added.\n341:   /// @dev The message sender must be the owner of the deposit.\n342:   function stakeMore(DepositIdentifier _depositId, uint256 _amount) external {\n343:     Deposit storage deposit = deposits[_depositId];\n344:     _revertIfNotDepositOwner(deposit, msg.sender);\n345:     _stakeMore(deposit, _depositId, _amount);\n346:   }\n347: \n348:   /// @notice Add more staking tokens to an existing deposit. A staker should call this method when\n349:   /// they have an existing deposit, and wish to stake more while retaining the same delegatee and\n350:   /// beneficiary. The caller must approve the staking contract to spend at least the would-be\n351:   /// staked amount of the token via a signature which is is also provided, and is passed to the\n352:   /// token contract's permit method before the staking operation occurs.\n353:   /// @param _depositId Unique identifier of the deposit to which stake will be added.\n354:   /// @param _amount Quantity of stake to be added.\n355:   /// @param _deadline The timestamp at which the permit signature should expire.\n356:   /// @param _v ECDSA signature component: Parity of the `y` coordinate of point `R`\n357:   /// @param _r ECDSA signature component: x-coordinate of `R`\n358:   /// @param _s ECDSA signature component: `s` value of the signature\n359:   /// @dev The message sender must be the owner of the deposit.\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId,\n362:     uint256 _amount,\n363:     uint256 _deadline,\n364:     uint8 _v,\n365:     bytes32 _r,\n366:     bytes32 _s\n367:   ) external {\n368:     Deposit storage deposit = deposits[_depositId];\n369:     _revertIfNotDepositOwner(deposit, msg.sender);\n370: \n371:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n372:     _stakeMore(deposit, _depositId, _amount);\n373:   }\n374: \n375:   /// @notice Add more staking tokens to an existing deposit on behalf of a user, using a signature\n376:   /// to validate the user's intent. A staker should call this method when they have an existing\n377:   /// deposit, and wish to stake more while retaining the same delegatee and beneficiary.\n378:   /// @param _depositId Unique identifier of the deposit to which stake will be added.\n379:   /// @param _amount Quantity of stake to be added.\n380:   /// @param _depositor Address of the user on whose behalf this stake is being made.\n381:   /// @param _signature Signature of the user authorizing this stake.\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature\n387:   ) external {\n388:     Deposit storage deposit = deposits[_depositId];\n389:     _revertIfNotDepositOwner(deposit, _depositor);\n390: \n391:     _revertIfSignatureIsNotValidNow(\n392:       _depositor,\n393:       _hashTypedDataV4(\n394:         keccak256(\n395:           abi.encode(STAKE_MORE_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n396:         )\n397:       ),\n398:       _signature\n399:     );\n400: \n401:     _stakeMore(deposit, _depositId, _amount);\n402:   }\n403: \n404:   /// @notice For an existing deposit, change the address to which governance voting power is\n405:   /// assigned.\n406:   /// @param _depositId Unique identifier of the deposit which will have its delegatee altered.\n407:   /// @param _newDelegatee Address of the new governance delegate.\n408:   /// @dev The new delegatee may not be the zero address. The message sender must be the owner of\n409:   /// the deposit.\n410:   function alterDelegatee(DepositIdentifier _depositId, address _newDelegatee) external {\n411:     Deposit storage deposit = deposits[_depositId];\n412:     _revertIfNotDepositOwner(deposit, msg.sender);\n413:     _alterDelegatee(deposit, _depositId, _newDelegatee);\n414:   }\n415: \n416:   /// @notice For an existing deposit, change the address to which governance voting power is\n417:   /// assigned on behalf of a user, using a signature to validate the user's intent.\n418:   /// @param _depositId Unique identifier of the deposit which will have its delegatee altered.\n419:   /// @param _newDelegatee Address of the new governance delegate.\n420:   /// @param _depositor Address of the user on whose behalf this stake is being made.\n421:   /// @param _signature Signature of the user authorizing this stake.\n422:   /// @dev The new delegatee may not be the zero address.\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId,\n425:     address _newDelegatee,\n426:     address _depositor,\n427:     bytes memory _signature\n428:   ) external {\n429:     Deposit storage deposit = deposits[_depositId];\n430:     _revertIfNotDepositOwner(deposit, _depositor);\n431: \n432:     _revertIfSignatureIsNotValidNow(\n433:       _depositor,\n434:       _hashTypedDataV4(\n435:         keccak256(\n436:           abi.encode(\n437:             ALTER_DELEGATEE_TYPEHASH, _depositId, _newDelegatee, _depositor, _useNonce(_depositor)\n438:           )\n439:         )\n440:       ),\n441:       _signature\n442:     );\n443: \n444:     _alterDelegatee(deposit, _depositId, _newDelegatee);\n445:   }\n446: \n447:   /// @notice For an existing deposit, change the beneficiary to which staking rewards are\n448:   /// accruing.\n449:   /// @param _depositId Unique identifier of the deposit which will have its beneficiary altered.\n450:   /// @param _newBeneficiary Address of the new rewards beneficiary.\n451:   /// @dev The new beneficiary may not be the zero address. The message sender must be the owner of\n452:   /// the deposit.\n453:   function alterBeneficiary(DepositIdentifier _depositId, address _newBeneficiary) external {\n454:     Deposit storage deposit = deposits[_depositId];\n455:     _revertIfNotDepositOwner(deposit, msg.sender);\n456:     _alterBeneficiary(deposit, _depositId, _newBeneficiary);\n457:   }\n458: \n459:   /// @notice For an existing deposit, change the beneficiary to which staking rewards are\n460:   /// accruing on behalf of a user, using a signature to validate the user's intent.\n461:   /// @param _depositId Unique identifier of the deposit which will have its beneficiary altered.\n462:   /// @param _newBeneficiary Address of the new rewards beneficiary.\n463:   /// @param _depositor Address of the user on whose behalf this stake is being made.\n464:   /// @param _signature Signature of the user authorizing this stake.\n465:   /// @dev The new beneficiary may not be the zero address.\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId,\n468:     address _newBeneficiary,\n469:     address _depositor,\n470:     bytes memory _signature\n471:   ) external {\n472:     Deposit storage deposit = deposits[_depositId];\n473:     _revertIfNotDepositOwner(deposit, _depositor);\n474: \n475:     _revertIfSignatureIsNotValidNow(\n476:       _depositor,\n477:       _hashTypedDataV4(\n478:         keccak256(\n479:           abi.encode(\n480:             ALTER_BENEFICIARY_TYPEHASH,\n481:             _depositId,\n482:             _newBeneficiary,\n483:             _depositor,\n484:             _useNonce(_depositor)\n485:           )\n486:         )\n487:       ),\n488:       _signature\n489:     );\n490: \n491:     _alterBeneficiary(deposit, _depositId, _newBeneficiary);\n492:   }\n493: \n494:   /// @notice Withdraw staked tokens from an existing deposit.\n495:   /// @param _depositId Unique identifier of the deposit from which stake will be withdrawn.\n496:   /// @param _amount Quantity of staked token to withdraw.\n497:   /// @dev The message sender must be the owner of the deposit. Stake is withdrawn to the message\n498:   /// sender's account.\n499:   function withdraw(DepositIdentifier _depositId, uint256 _amount) external {\n500:     Deposit storage deposit = deposits[_depositId];\n501:     _revertIfNotDepositOwner(deposit, msg.sender);\n502:     _withdraw(deposit, _depositId, _amount);\n503:   }\n504: \n505:   /// @notice Withdraw staked tokens from an existing deposit on behalf of a user, using a\n506:   /// signature to validate the user's intent.\n507:   /// @param _depositId Unique identifier of the deposit from which stake will be withdrawn.\n508:   /// @param _amount Quantity of staked token to withdraw.\n509:   /// @param _depositor Address of the user on whose behalf this stake is being made.\n510:   /// @param _signature Signature of the user authorizing this stake.\n511:   /// @dev Stake is withdrawn to the deposit owner's account.\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId,\n514:     uint256 _amount,\n515:     address _depositor,\n516:     bytes memory _signature\n517:   ) external {\n518:     Deposit storage deposit = deposits[_depositId];\n519:     _revertIfNotDepositOwner(deposit, _depositor);\n520: \n521:     _revertIfSignatureIsNotValidNow(\n522:       _depositor,\n523:       _hashTypedDataV4(\n524:         keccak256(\n525:           abi.encode(WITHDRAW_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n526:         )\n527:       ),\n528:       _signature\n529:     );\n530: \n531:     _withdraw(deposit, _depositId, _amount);\n532:   }\n533: \n534:   /// @notice Claim reward tokens the message sender has earned as a stake beneficiary. Tokens are\n535:   /// sent to the message sender.\n536:   function claimReward() external {\n537:     _claimReward(msg.sender);\n538:   }\n539: \n540:   /// @notice Claim earned reward tokens for a beneficiary, using a signature to validate the\n541:   /// beneficiary's intent. Tokens are sent to the beneficiary.\n542:   /// @param _beneficiary Address of the beneficiary who will receive the reward.\n543:   /// @param _signature Signature of the beneficiary authorizing this reward claim.\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external {\n545:     _revertIfSignatureIsNotValidNow(\n546:       _beneficiary,\n547:       _hashTypedDataV4(\n548:         keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _beneficiary, _useNonce(_beneficiary)))\n549:       ),\n550:       _signature\n551:     );\n552:     _claimReward(_beneficiary);\n553:   }\n554: \n555:   /// @notice Called by an authorized rewards notifier to alert the staking contract that a new\n556:   /// reward has been transferred to it. It is assumed that the reward has already been\n557:   /// transferred to this staking contract before the rewards notifier calls this method.\n558:   /// @param _amount Quantity of reward tokens the staking contract is being notified of.\n559:   /// @dev It is critical that only well behaved contracts are approved by the admin to call this\n560:   /// method, for two reasons.\n561:   ///\n562:   /// 1. A misbehaving contract could grief stakers by frequently notifying this contract of tiny\n563:   ///    rewards, thereby continuously stretching out the time duration over which real rewards are\n564:   ///    distributed. It is required that reward notifiers supply reasonable rewards at reasonable\n565:   ///    intervals.\n566:   //  2. A misbehaving contract could falsely notify this contract of rewards that were not actually\n567:   ///    distributed, creating a shortfall for those claiming their rewards after others. It is\n568:   ///    required that a notifier contract always transfers the `_amount` to this contract before\n569:   ///    calling this method.\n570:   function notifyRewardAmount(uint256 _amount) external {\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender);\n572: \n573:     // We checkpoint the accumulator without updating the timestamp at which it was updated, because\n574:     // that second operation will be done after updating the reward rate.\n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION;\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp);\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION;\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate();\n588: \n589:     // This check cannot _guarantee_ sufficient rewards have been transferred to the contract,\n590:     // because it cannot isolate the unclaimed rewards owed to stakers left in the balance. While\n591:     // this check is useful for preventing degenerate cases, it is not sufficient. Therefore, it is\n592:     // critical that only safe reward notifier contracts are approved to call this method by the\n593:     // admin.\n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance();\n597: \n598:     emit RewardNotified(_amount, msg.sender);\n599:   }\n600: \n601:   /// @notice Internal method which finds the existing surrogate contract—or deploys a new one if\n602:   /// none exists—for a given delegatee.\n603:   /// @param _delegatee Account for which a surrogate is sought.\n604:   /// @return _surrogate The address of the surrogate contract for the delegatee.\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   {\n609:     _surrogate = surrogates[_delegatee];\n610: \n611:     if (address(_surrogate) == address(0)) {\n612:       _surrogate = new DelegationSurrogate(STAKE_TOKEN, _delegatee);\n613:       surrogates[_delegatee] = _surrogate;\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate));\n615:     }\n616:   }\n617: \n618:   /// @notice Internal convenience method which calls the `transferFrom` method on the stake token\n619:   /// contract and reverts on failure.\n620:   /// @param _from Source account from which stake token is to be transferred.\n621:   /// @param _to Destination account of the stake token which is to be transferred.\n622:   /// @param _value Quantity of stake token which is to be transferred.\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal {\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value);\n625:   }\n626: \n627:   /// @notice Internal method which generates and returns a unique, previously unused deposit\n628:   /// identifier.\n629:   /// @return _depositId Previously unused deposit identifier.\n630:   function _useDepositId() internal returns (DepositIdentifier _depositId) {\n631:     _depositId = nextDepositId;\n632:     nextDepositId = DepositIdentifier.wrap(DepositIdentifier.unwrap(_depositId) + 1);\n633:   }\n634: \n635:   /// @notice Internal convenience methods which performs the staking operations.\n636:   /// @dev This method must only be called after proper authorization has been completed.\n637:   /// @dev See public stake methods for additional documentation.\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount;\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount);\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount);\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary);\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee);\n664:   }\n665: \n666:   /// @notice Internal convenience method which adds more stake to an existing deposit.\n667:   /// @dev This method must only be called after proper authorization has been completed.\n668:   /// @dev See public stakeMore methods for additional documentation.\n669:   function _stakeMore(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n670:     internal\n671:   {\n672:     _checkpointGlobalReward();\n673:     _checkpointReward(deposit.beneficiary);\n674: \n675:     DelegationSurrogate _surrogate = surrogates[deposit.delegatee];\n676: \n677:     totalStaked += _amount;\n678:     depositorTotalStaked[deposit.owner] += _amount;\n679:     earningPower[deposit.beneficiary] += _amount;\n680:     deposit.balance += _amount;\n681:     _stakeTokenSafeTransferFrom(deposit.owner, address(_surrogate), _amount);\n682:     emit StakeDeposited(deposit.owner, _depositId, _amount, deposit.balance);\n683:   }\n684: \n685:   /// @notice Internal convenience method which alters the delegatee of an existing deposit.\n686:   /// @dev This method must only be called after proper authorization has been completed.\n687:   /// @dev See public alterDelegatee methods for additional documentation.\n688:   function _alterDelegatee(\n689:     Deposit storage deposit,\n690:     DepositIdentifier _depositId,\n691:     address _newDelegatee\n692:   ) internal {\n693:     _revertIfAddressZero(_newDelegatee);\n694:     DelegationSurrogate _oldSurrogate = surrogates[deposit.delegatee];\n695:     emit DelegateeAltered(_depositId, deposit.delegatee, _newDelegatee);\n696:     deposit.delegatee = _newDelegatee;\n697:     DelegationSurrogate _newSurrogate = _fetchOrDeploySurrogate(_newDelegatee);\n698:     _stakeTokenSafeTransferFrom(address(_oldSurrogate), address(_newSurrogate), deposit.balance);\n699:   }\n700: \n701:   /// @notice Internal convenience method which alters the beneficiary of an existing deposit.\n702:   /// @dev This method must only be called after proper authorization has been completed.\n703:   /// @dev See public alterBeneficiary methods for additional documentation.\n704:   function _alterBeneficiary(\n705:     Deposit storage deposit,\n706:     DepositIdentifier _depositId,\n707:     address _newBeneficiary\n708:   ) internal {\n709:     _revertIfAddressZero(_newBeneficiary);\n710:     _checkpointGlobalReward();\n711:     _checkpointReward(deposit.beneficiary);\n712:     earningPower[deposit.beneficiary] -= deposit.balance;\n713: \n714:     _checkpointReward(_newBeneficiary);\n715:     emit BeneficiaryAltered(_depositId, deposit.beneficiary, _newBeneficiary);\n716:     deposit.beneficiary = _newBeneficiary;\n717:     earningPower[_newBeneficiary] += deposit.balance;\n718:   }\n719: \n720:   /// @notice Internal convenience method which withdraws the stake from an existing deposit.\n721:   /// @dev This method must only be called after proper authorization has been completed.\n722:   /// @dev See public withdraw methods for additional documentation.\n723:   function _withdraw(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n724:     internal\n725:   {\n726:     _checkpointGlobalReward();\n727:     _checkpointReward(deposit.beneficiary);\n728: \n729:     deposit.balance -= _amount; // overflow prevents withdrawing more than balance\n730:     totalStaked -= _amount;\n731:     depositorTotalStaked[deposit.owner] -= _amount;\n732:     earningPower[deposit.beneficiary] -= _amount;\n733:     _stakeTokenSafeTransferFrom(address(surrogates[deposit.delegatee]), deposit.owner, _amount);\n734:     emit StakeWithdrawn(_depositId, _amount, deposit.balance);\n735:   }\n736: \n737:   /// @notice Internal convenience method which claims earned rewards.\n738:   /// @dev This method must only be called after proper authorization has been completed.\n739:   /// @dev See public claimReward methods for additional documentation.\n740:   function _claimReward(address _beneficiary) internal {\n741:     _checkpointGlobalReward();\n742:     _checkpointReward(_beneficiary);\n743: \n744:     uint256 _reward = unclaimedRewardCheckpoint[_beneficiary];\n745:     if (_reward == 0) return;\n746:     unclaimedRewardCheckpoint[_beneficiary] = 0;\n747:     emit RewardClaimed(_beneficiary, _reward);\n748: \n749:     SafeERC20.safeTransfer(REWARD_TOKEN, _beneficiary, _reward);\n750:   }\n751: \n752:   /// @notice Checkpoints the global reward per token accumulator.\n753:   function _checkpointGlobalReward() internal {\n754:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n755:     lastCheckpointTime = lastTimeRewardDistributed();\n756:   }\n757: \n758:   /// @notice Checkpoints the unclaimed rewards and reward per token accumulator of a given\n759:   /// beneficiary account.\n760:   /// @param _beneficiary The account for which reward parameters will be checkpointed.\n761:   /// @dev This is a sensitive internal helper method that must only be called after global rewards\n762:   /// accumulator has been checkpointed. It assumes the global `rewardPerTokenCheckpoint` is up to\n763:   /// date.\n764:   function _checkpointReward(address _beneficiary) internal {\n765:     unclaimedRewardCheckpoint[_beneficiary] = unclaimedReward(_beneficiary);\n766:     beneficiaryRewardPerTokenCheckpoint[_beneficiary] = rewardPerTokenAccumulatedCheckpoint;\n767:   }\n768: \n769:   /// @notice Internal helper method which sets the admin address.\n770:   /// @param _newAdmin Address of the new admin.\n771:   function _setAdmin(address _newAdmin) internal {\n772:     _revertIfAddressZero(_newAdmin);\n773:     emit AdminSet(admin, _newAdmin);\n774:     admin = _newAdmin;\n775:   }\n776: \n777:   /// @notice Internal helper method which reverts UniStaker__Unauthorized if the message sender is\n778:   /// not the admin.\n779:   function _revertIfNotAdmin() internal view {\n780:     if (msg.sender != admin) revert UniStaker__Unauthorized(\"not admin\", msg.sender);\n781:   }\n782: \n783:   /// @notice Internal helper method which reverts UniStaker__Unauthorized if the alleged owner is\n784:   /// not the true owner of the deposit.\n785:   /// @param deposit Deposit to validate.\n786:   /// @param owner Alleged owner of deposit.\n787:   function _revertIfNotDepositOwner(Deposit storage deposit, address owner) internal view {\n788:     if (owner != deposit.owner) revert UniStaker__Unauthorized(\"not owner\", owner);\n789:   }\n790: \n791:   /// @notice Internal helper method which reverts with UniStaker__InvalidAddress if the account in\n792:   /// question is address zero.\n793:   /// @param _account Account to verify.\n794:   function _revertIfAddressZero(address _account) internal pure {\n795:     if (_account == address(0)) revert UniStaker__InvalidAddress();\n796:   }\n797: \n798:   /// @notice Internal helper method which reverts with UniStaker__InvalidSignature if the signature\n799:   /// is invalid.\n800:   /// @param _signer Address of the signer.\n801:   /// @param _hash Hash of the message.\n802:   /// @param _signature Signature to validate.\n803:   function _revertIfSignatureIsNotValidNow(address _signer, bytes32 _hash, bytes memory _signature)\n804:     internal\n805:     view\n806:   {\n807:     bool _isValid = SignatureChecker.isValidSignatureNow(_signer, _hash, _signature);\n808:     if (!_isValid) revert UniStaker__InvalidSignature();\n809:   }\n810: }\n811: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: AGPL-3.0-only\n2: pragma solidity 0.8.23;\n3: \n4: import {IUniswapV3PoolOwnerActions} from \"src/interfaces/IUniswapV3PoolOwnerActions.sol\";\n5: import {IUniswapV3FactoryOwnerActions} from \"src/interfaces/IUniswapV3FactoryOwnerActions.sol\";\n6: import {INotifiableRewardReceiver} from \"src/interfaces/INotifiableRewardReceiver.sol\";\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\";\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\";\n9: \n10: /// @title V3FactoryOwner\n11: /// @author ScopeLift\n12: /// @notice A contract that can serve as the owner of the Uniswap v3 factory. This contract itself\n13: /// has an admin. That admin retains the exclusive right to call privileged methods on the v3\n14: /// factory, and on pools which it has deployed, via passthrough methods. This includes the ability\n15: /// to enable fee amounts on the factory, and set protocol fees on individual pools. The admin can\n16: /// also set a new admin.\n17: ///\n18: /// One privileged function that is _not_ reserved exclusively for the admin is the ability to\n19: /// collect protocol fees from a pool. This method is instead exposed publicly by this contract's\n20: /// `claimFees` method. That method collects fees from the protocol as long as the caller pays for\n21: /// them with a transfer of a designated amount of a designated token. That payout is forwarded\n22: /// to a reward receiver.\n23: ///\n24: /// In the context of the broader system, it is expected that this contract's REWARD_RECEIVER is\n25: /// a deployment of the `UniStaker` contract. It is expected the admin of this contract will be the\n26: /// Uniswap Governance timelock. It is expected governance will transfer\n27: /// ownership of the factory to an instance of this contract, and turn on protocol fees for select\n28: /// pools. It is also expected a competitive market of seekers will emerge racing to \"buy\" the fees\n29: /// for an arbitrage opportunity.\n30: contract V3FactoryOwner {\n31:   using SafeERC20 for IERC20;\n32: \n33:   /// @notice Emitted when a user pays the payout and claims the fees from a given v3 pool.\n34:   /// @param pool The v3 pool from which protocol fees were claimed.\n35:   /// @param caller The address which executes the call to claim the fees.\n36:   /// @param recipient The address to which the claimed pool fees are sent.\n37:   /// @param amount0 The raw amount of token0 fees claimed from the pool.\n38:   /// @param amount1 The raw amount token1 fees claimed from the pool.\n39:   event FeesClaimed(\n40:     address indexed pool,\n41:     address indexed caller,\n42:     address indexed recipient,\n43:     uint256 amount0,\n44:     uint256 amount1\n45:   );\n46: \n47:   /// @notice Emitted when the existing admin designates a new address as the admin.\n48:   event AdminSet(address indexed oldAmin, address indexed newAdmin);\n49: \n50:   /// @notice Emitted when the admin updates the payout amount.\n51:   event PayoutAmountSet(uint256 indexed oldPayoutAmount, uint256 indexed newPayoutAmount);\n52: \n53:   /// @notice Thrown when an unauthorized account calls a privileged function.\n54:   error V3FactoryOwner__Unauthorized();\n55: \n56:   /// @notice Thrown if the proposed admin is the zero address.\n57:   error V3FactoryOwner__InvalidAddress();\n58: \n59:   /// @notice Thrown if the proposed payout amount is zero.\n60:   error V3FactoryOwner__InvalidPayoutAmount();\n61: \n62:   /// @notice Thrown when the fees collected from a pool are less than the caller expects.\n63:   error V3FactoryOwner__InsufficientFeesCollected();\n64: \n65:   /// @notice The instance of the Uniswap v3 factory contract which this contract will own.\n66:   IUniswapV3FactoryOwnerActions public immutable FACTORY;\n67: \n68:   /// @notice The ERC-20 token which must be used to pay for fees when claiming pool fees.\n69:   IERC20 public immutable PAYOUT_TOKEN;\n70: \n71:   /// @notice The raw amount of the payout token which is paid by a user when claiming pool fees.\n72:   uint256 public payoutAmount;\n73: \n74:   /// @notice The contract that receives the payout and is notified via method call, when pool fees\n75:   /// are claimed.\n76:   INotifiableRewardReceiver public immutable REWARD_RECEIVER;\n77: \n78:   /// @notice The address that can call privileged methods, including passthrough owner functions\n79:   /// to the factory itself.\n80:   address public admin;\n81: \n82:   /// @param _admin The initial admin address for this deployment. Cannot be zero address.\n83:   /// @param _factory The v3 factory instance for which this deployment will serve as owner.\n84:   /// @param _payoutToken The ERC-20 token in which payouts will be denominated.\n85:   /// @param _payoutAmount The initial raw amount of the payout token required to claim fees from\n86:   /// a pool.\n87:   /// @param _rewardReceiver The contract that will receive the payout when fees are claimed.\n88:   constructor(\n89:     address _admin,\n90:     IUniswapV3FactoryOwnerActions _factory,\n91:     IERC20 _payoutToken,\n92:     uint256 _payoutAmount,\n93:     INotifiableRewardReceiver _rewardReceiver\n94:   ) {\n95:     if (_admin == address(0)) revert V3FactoryOwner__InvalidAddress();\n96:     if (_payoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount();\n97: \n98:     admin = _admin;\n99:     FACTORY = _factory;\n100:     PAYOUT_TOKEN = _payoutToken;\n101:     payoutAmount = _payoutAmount;\n102:     REWARD_RECEIVER = _rewardReceiver;\n103: \n104:     emit AdminSet(address(0), _admin);\n105:     emit PayoutAmountSet(0, _payoutAmount);\n106:   }\n107: \n108:   /// @notice Pass the admin role to a new address. Must be called by the existing admin.\n109:   /// @param _newAdmin The address that will be the admin after this call completes.\n110:   function setAdmin(address _newAdmin) external {\n111:     _revertIfNotAdmin();\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress();\n113:     emit AdminSet(admin, _newAdmin);\n114:     admin = _newAdmin;\n115:   }\n116: \n117:   /// @notice Update the payout amount to a new value. Must be called by admin.\n118:   /// @param _newPayoutAmount The value that will be the new payout amount.\n119:   function setPayoutAmount(uint256 _newPayoutAmount) external {\n120:     _revertIfNotAdmin();\n121:     if (_newPayoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount();\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount);\n123:     payoutAmount = _newPayoutAmount;\n124:   }\n125: \n126:   /// @notice Passthrough method that enables a fee amount on the factory. Must be called by the\n127:   /// admin.\n128:   /// @param _fee The fee param to forward to the factory.\n129:   /// @param _tickSpacing The tick spacing param to forward to the factory.\n130:   /// @dev See docs on IUniswapV3FactoryOwnerActions for more information on forwarded params.\n131:   function enableFeeAmount(uint24 _fee, int24 _tickSpacing) external {\n132:     _revertIfNotAdmin();\n133:     FACTORY.enableFeeAmount(_fee, _tickSpacing);\n134:   }\n135: \n136:   /// @notice Passthrough method that sets the protocol fee on a v3 pool. Must be called by the\n137:   /// admin.\n138:   /// @param _pool The Uniswap v3 pool on which the protocol fee is being set.\n139:   /// @param _feeProtocol0 The fee protocol 0 param to forward to the pool.\n140:   /// @param _feeProtocol1 The fee protocol 1 parm to forward to the pool.\n141:   /// @dev See docs on IUniswapV3PoolOwnerActions for more information on forwarded params.\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0,\n145:     uint8 _feeProtocol1\n146:   ) external {\n147:     _revertIfNotAdmin();\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1);\n149:   }\n150: \n151:   /// @notice Public method that allows any caller to claim the protocol fees accrued by a given\n152:   /// Uniswap v3 pool contract. Caller must pre-approve this factory owner contract on the payout\n153:   /// token contract for at least the payout amount, which is transferred from the caller to the\n154:   /// reward receiver. The reward receiver is \"notified\" of the payout via a method call. The\n155:   /// protocol fees collected are sent to a receiver of the caller's specification.\n156:   ///\n157:   /// A quick example can help illustrate why an external party, such as an MEV searcher, would be\n158:   /// incentivized to call this method. Imagine, purely for the sake of example, that protocol fees\n159:   /// have been activated for the USDC/USDT stablecoin v3 pool. Imagine also the payout token and\n160:   /// payout amount are WETH and 10e18 respectively. Finally, assume the spot USD price of ETH is\n161:   /// $2,500, and both stablecoins are trading at their $1 peg. As regular users trade against the\n162:   /// USDC/USDT pool, protocol fees amass in the pool contract in both stablecoins. Once the fees\n163:   /// in the pool total more than 25,000 in stablecoins, it becomes profitable for an external\n164:   /// party to arbitrage the fees by calling this method, paying 10 WETH (worth $25K) and getting\n165:   /// more than $25K worth of stablecoins. (This ignores other details, which real searchers would\n166:   /// take into consideration, such as the gas/builder fee they would pay to call the method).\n167:   ///\n168:   /// The same mechanic applies regardless of what the pool currencies, payout token, or payout\n169:   /// amount are. Effectively, as each pool accrues fees, it eventually becomes possible to \"buy\"\n170:   /// the pool fees for less than they are valued by \"paying\" the the payout amount of the payout\n171:   /// token.\n172:   /// @param _pool The Uniswap v3 pool contract from which protocol fees are being collected.\n173:   /// @param _recipient The address to which collected protocol fees will be transferred.\n174:   /// @param _amount0Requested The amount0Requested param to forward to the pool's collectProtocol\n175:   /// method.\n176:   /// @param _amount1Requested The amount1Requested param to forward to the pool's collectProtocol\n177:   /// method.\n178:   /// @return _amount0 The amount0 fees collected, returned by the pool's collectProtocol method.\n179:   /// @return _amount1 The amount1 fees collected, returned by the pool's collectProtocol method.\n180:   /// @dev See docs on IUniswapV3PoolOwnerActions for more information on forwarded params.\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount);\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n192:     // Protect the caller from receiving less than requested. See `collectProtocol` for context.\n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n199: \n200:   /// @notice Ensures the msg.sender is the contract admin and reverts otherwise.\n201:   /// @dev Place inside external methods to make them admin-only.\n202:   function _revertIfNotAdmin() internal view {\n203:     if (msg.sender != admin) revert V3FactoryOwner__Unauthorized();\n204:   }\n205: }\n206: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: AGPL-3.0-only\n2: pragma solidity ^0.8.23;\n3: \n4: /// @notice A subset of the ERC20Votes-style governance token to which UNI conforms.\n5: /// Methods related to standard ERC20 functionality and to delegation are included.\n6: /// These methods are needed in the context of this system. Methods related to check pointing,\n7: /// past voting weights, and other functionality are omitted.\n8: interface IERC20Delegates {\n9:   // ERC20 related methods\n10:   function allowance(address account, address spender) external view returns (uint256);\n11:   function approve(address spender, uint256 rawAmount) external returns (bool);\n12:   function balanceOf(address account) external view returns (uint256);\n13:   function decimals() external view returns (uint8);\n14:   function symbol() external view returns (string memory);\n15:   function totalSupply() external view returns (uint256);\n16:   function transfer(address dst, uint256 rawAmount) external returns (bool);\n17:   function transferFrom(address src, address dst, uint256 rawAmount) external returns (bool);\n18:   function permit(\n19:     address owner,\n20:     address spender,\n21:     uint256 rawAmount,\n22:     uint256 deadline,\n23:     uint8 v,\n24:     bytes32 r,\n25:     bytes32 s\n26:   ) external;\n27: \n28:   // ERC20Votes delegation methods\n29:   function delegate(address delegatee) external;\n30:   function delegates(address) external view returns (address);\n31: }\n32: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: AGPL-3.0-only\n2: pragma solidity 0.8.23;\n3: \n4: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\";\n5: \n6: /// @title DelegationSurrogate\n7: /// @author ScopeLift\n8: /// @notice A dead-simple contract whose only purpose is to hold governance tokens on behalf of\n9: /// users while delegating voting power to one specific delegatee. This is needed because a single\n10: /// address can only delegate its (full) token weight to a single address at a time. Thus, when a\n11: /// contract holds governance tokens in a pool on behalf of disparate token holders, those holders\n12: /// are typically disenfranchised from their governance rights.\n13: ///\n14: /// If a pool contract deploys a DelegationSurrogate for each delegatee, and transfers each\n15: /// depositor's tokens to the appropriate  surrogate—or deploys it on their behalf—users can retain\n16: /// their governance rights.\n17: ///\n18: /// The pool contract deploying the surrogates must handle all accounting. The surrogate simply\n19: /// delegates its voting weight and max-approves its deployer to allow tokens to be reclaimed.\n20: contract DelegationSurrogate {\n21:   /// @param _token The governance token that will be held by this surrogate\n22:   /// @param _delegatee The address of the would-be voter to which this surrogate will delegate its\n23:   /// voting weight. 100% of all voting tokens held by this surrogate will be delegated to this\n24:   /// address.\n25:   constructor(IERC20Delegates _token, address _delegatee) {\n26:     _token.delegate(_delegatee);\n27:     _token.approve(msg.sender, type(uint256).max);\n28:   }\n29: }\n30: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L1-L1)"
          ]
        },
        {
          "content": "```solidity\n1: // SPDX-License-Identifier: GPL-2.0-or-later\n2: pragma solidity ^0.8.23;\n3: \n4: /// @title Permissioned pool actions\n5: /// @notice Contains pool methods that may only be called by the factory owner\n6: /// @dev Vendored from\n7: /// https://github.com/Uniswap/v3-core/blob/d8b1c635c275d2a9450bd6a78f3fa2484fef73eb/contracts/interfaces/pool/IUniswapV3PoolOwnerActions.sol\n8: interface IUniswapV3PoolOwnerActions {\n9:   /// @notice Set the denominator of the protocol's % share of the fees\n10:   /// @param feeProtocol0 new protocol fee for token0 of the pool\n11:   /// @param feeProtocol1 new protocol fee for token1 of the pool\n12:   function setFeeProtocol(uint8 feeProtocol0, uint8 feeProtocol1) external;\n13: \n14:   /// @notice Collect the protocol fee accrued to the pool\n15:   /// @param recipient The address to which collected protocol fees should be sent\n16:   /// @param amount0Requested The maximum amount of token0 to send, can be 0 to collect fees in only\n17:   /// token1\n18:   /// @param amount1Requested The maximum amount of token1 to send, can be 0 to collect fees in only\n19:   /// token0\n20:   /// @return amount0 The protocol fee collected in token0\n21:   /// @return amount1 The protocol fee collected in token1\n22:   function collectProtocol(address recipient, uint128 amount0Requested, uint128 amount1Requested)\n23:     external\n24:     returns (uint128 amount0, uint128 amount1);\n25: }\n26: \n\n```\n",
          "loc": [
            "[1](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3PoolOwnerActions.sol#L1-L1)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Contracts should have full test coverage",
      "description": "Attaining 100% code coverage is not an assurance of a bug-free codebase, but it significantly improves the likelihood of identifying simple bugs and aids in maintaining a stable codebase by preventing regressions during code modifications. Additionally, to achieve complete coverage, code writers usually have to structure their code more modularly, which implies testing each component independently. This reduces the complex interdependencies between modules and layers, creating a more understandable and auditable codebase. Consequently, this practice aids in enhancing code maintainability and reduces the risk of introducing bugs during future changes.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner  // <= FOUND\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate  // <= FOUND\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider using named function calls",
      "description": "Named function calls in Solidity greatly improve code readability by explicitly mapping arguments to their respective parameter names. This clarity becomes critical when dealing with functions that have numerous or complex parameters, reducing potential errors due to misordered arguments. Therefore, adopting named function calls contributes to more maintainable and less error-prone code.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n333:     _depositId = _stake(_depositor, _amount, _delegatee, _beneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[333](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L333-L333)"
          ]
        },
        {
          "content": "```solidity\n345:     _stakeMore(deposit, _depositId, _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[345](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L345-L345)"
          ]
        },
        {
          "content": "```solidity\n345: \n346:     _stakeMore(deposit, _depositId, _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[345](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L345-L346)"
          ]
        },
        {
          "content": "```solidity\n413:     _alterDelegatee(deposit, _depositId, _newDelegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[413](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L413-L413)"
          ]
        },
        {
          "content": "```solidity\n413: \n414:     _alterDelegatee(deposit, _depositId, _newDelegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[413](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L413-L414)"
          ]
        },
        {
          "content": "```solidity\n456:     _alterBeneficiary(deposit, _depositId, _newBeneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[456](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L456-L456)"
          ]
        },
        {
          "content": "```solidity\n456: \n457:     _alterBeneficiary(deposit, _depositId, _newBeneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[456](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L456-L457)"
          ]
        },
        {
          "content": "```solidity\n502:     _withdraw(deposit, _depositId, _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[502](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L502-L502)"
          ]
        },
        {
          "content": "```solidity\n502: \n503:     _withdraw(deposit, _depositId, _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[502](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L502-L503)"
          ]
        },
        {
          "content": "```solidity\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[660](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L660-L660)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Lack Of Brace Spacing",
      "description": "Lack of brace spacing in coding refers to the absence of spaces around braces, which can hinder code readability. In Solidity, as in many programming languages, spacing can enhance the visual distinction between different parts of the code, making it easier to follow. A lack of spacing can lead to a dense, confusing appearance. The resolution to this issue is to follow a consistent style guide that defines rules for brace spacing. By including spaces around braces, such as `{ statement }` instead of `{statement}`, developers can ensure that the code is more legible and maintainable, especially in larger codebases.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n4: \n5: import {DelegationSurrogate} from \"src/DelegationSurrogate.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L4-L5)"
          ]
        },
        {
          "content": "```solidity\n5: import {INotifiableRewardReceiver} from \"src/interfaces/INotifiableRewardReceiver.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L5-L5)"
          ]
        },
        {
          "content": "```solidity\n6: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[6](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L6-L6)"
          ]
        },
        {
          "content": "```solidity\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[7](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L7-L7)"
          ]
        },
        {
          "content": "```solidity\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L8-L8)"
          ]
        },
        {
          "content": "```solidity\n9: import {Multicall} from \"openzeppelin/utils/Multicall.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[9](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L9-L9)"
          ]
        },
        {
          "content": "```solidity\n10: import {Nonces} from \"openzeppelin/utils/Nonces.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[10](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L10-L10)"
          ]
        },
        {
          "content": "```solidity\n11: import {SignatureChecker} from \"openzeppelin/utils/cryptography/SignatureChecker.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[11](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L11-L11)"
          ]
        },
        {
          "content": "```solidity\n12: import {EIP712} from \"openzeppelin/utils/cryptography/EIP712.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[12](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L12-L12)"
          ]
        },
        {
          "content": "```solidity\n4: \n5: import {IUniswapV3PoolOwnerActions} from \"src/interfaces/IUniswapV3PoolOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L4-L5)"
          ]
        },
        {
          "content": "```solidity\n5: import {IUniswapV3FactoryOwnerActions} from \"src/interfaces/IUniswapV3FactoryOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L5-L5)"
          ]
        },
        {
          "content": "```solidity\n6: \n7: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[6](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L6-L7)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "If statement control structures do not comply with best practices",
      "description": "If statements which include a single line do not need to have curly brackets, however according to the Solidiity style guide the line of code executed upon the if statement condition being met should still be on the next line, not on the same line as the if statement declaration.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n221:     if (rewardEndTime <= block.timestamp) return rewardEndTime; // <= FOUND\n\n```\n",
          "loc": [
            "[221](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L221-L221)"
          ]
        },
        {
          "content": "```solidity\n230:     if (totalStaked == 0) return rewardPerTokenAccumulatedCheckpoint; // <= FOUND\n\n```\n",
          "loc": [
            "[230](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L230-L230)"
          ]
        },
        {
          "content": "```solidity\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[571](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L571-L571)"
          ]
        },
        {
          "content": "```solidity\n587: \n588:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[587](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L587-L588)"
          ]
        },
        {
          "content": "```solidity\n594: \n600:     if ( // <= FOUND\n601:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n602:     ) revert UniStaker__InsufficientRewardBalance(); // <= FOUND\n\n```\n",
          "loc": [
            "[594](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L594-L602)"
          ]
        },
        {
          "content": "```solidity\n745:     if (_reward == 0) return; // <= FOUND\n\n```\n",
          "loc": [
            "[745](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L745-L745)"
          ]
        },
        {
          "content": "```solidity\n780:     if (msg.sender != admin) revert UniStaker__Unauthorized(\"not admin\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[780](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L780-L780)"
          ]
        },
        {
          "content": "```solidity\n788:     if (owner != deposit.owner) revert UniStaker__Unauthorized(\"not owner\", owner); // <= FOUND\n\n```\n",
          "loc": [
            "[788](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L788-L788)"
          ]
        },
        {
          "content": "```solidity\n795:     if (_account == address(0)) revert UniStaker__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[795](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L795-L795)"
          ]
        },
        {
          "content": "```solidity\n808:     if (!_isValid) revert UniStaker__InvalidSignature(); // <= FOUND\n\n```\n",
          "loc": [
            "[808](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L808-L808)"
          ]
        },
        {
          "content": "```solidity\n95:     if (_admin == address(0)) revert V3FactoryOwner__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[95](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L95-L95)"
          ]
        },
        {
          "content": "```solidity\n96:     if (_payoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[96](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L96-L96)"
          ]
        },
        {
          "content": "```solidity\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[112](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L112-L112)"
          ]
        },
        {
          "content": "```solidity\n121:     if (_newPayoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[121](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L121-L121)"
          ]
        },
        {
          "content": "```solidity\n203:     if (msg.sender != admin) revert V3FactoryOwner__Unauthorized(); // <= FOUND\n\n```\n",
          "loc": [
            "[203](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L203-L203)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Incorrect withdraw declaration",
      "description": "In Solidity, it's essential for clarity and interoperability to correctly specify return types in function declarations. If the `withdraw` function is expected to return a `bool` to indicate success or failure, its omission could lead to ambiguity or unexpected behavior when interacting with or calling this function from other contracts or off-chain systems. Missing return values can mislead developers and potentially lead to contract integrations built on incorrect assumptions. To resolve this, the function declaration for `withdraw` should be modified to explicitly include the `bool` return type, ensuring clarity and correctness in contract interactions.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n499:   function withdraw(DepositIdentifier _depositId, uint256 _amount) external  // <= FOUND\n\n```\n",
          "loc": [
            "[499](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L499-L499)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider adding formal verification proofs",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner  // <= FOUND\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate  // <= FOUND\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Missing events in sensitive functions",
      "description": "Sensitive setter functions in smart contracts often alter critical state variables. Without events emitted in these functions, external observers or dApps cannot easily track or react to these state changes. Missing events can obscure contract activity, hampering transparency and making integration more challenging. To resolve this, incorporate appropriate event emissions within these functions. Events offer an efficient way to log crucial changes, aiding in real-time tracking and post-transaction verification.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n201:   function setAdmin(address _newAdmin) external { // <= FOUND\n202:     _revertIfNotAdmin();\n203:     _setAdmin(_newAdmin);\n204:   }\n\n```\n",
          "loc": [
            "[201](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L201-L201)"
          ]
        },
        {
          "content": "```solidity\n142:   function setFeeProtocol( // <= FOUND\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0,\n145:     uint8 _feeProtocol1\n146:   ) external {\n147:     _revertIfNotAdmin();\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1);\n149:   }\n\n```\n",
          "loc": [
            "[142](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L142-L142)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Ensure block.timestamp is only used in long time intervals",
      "description": "`block.timestamp` represents the current block's timestamp and can be influenced, within limits, by miners. For short time intervals, this malleability can be exploited, potentially allowing miners to manipulate contract behavior. For instance, they might fast-forward an expiration or delay an event. When designing smart contracts, if precise time checks are needed for short intervals, alternatives like block numbers can be considered. However, for longer durations where a few seconds of deviation is inconsequential, `block.timestamp` is generally safe and efficient. Always assess the implications of time manipulations for the specific use-case before utilizing `block.timestamp`. In practice, if you're using block.timestamp to measure intervals that are a matter of days, weeks, or longer, the potential manipulation by miners becomes less significant. Always prioritize the security and integrity of your smart contract operations when making these decisions.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n584: \n585:     rewardEndTime = block.timestamp + REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[584](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L584-L585)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "It is best practice to use linear inheritance",
      "description": "In Solidity, complex inheritance structures can obfuscate code understanding, introducing potential security risks. Multiple inheritance, especially with overlapping function names or state variables, can cause unintentional overrides or ambiguous behavior. Resolution: Strive for linear and simple inheritance chains. Avoid diamond or circular inheritance patterns. Clearly document the purpose and relationships of base contracts, ensuring that overrides are intentional. Tools like Remix or Hardhat can visualize inheritance chains, assisting in verification. Keeping inheritance streamlined aids in better code readability, reduces potential errors, and ensures smoother audits and upgrades.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Create methods are suspicious of the reorg attack",
      "description": "\"Create\" methods, which deploy contracts via \" = new <contract>\", are at risk from re-org attacks since the derived contract address is solely based on the Factory's nonce. Re-orgs, chain reorganizations, can occur across all EVM chains. The vulnerability amplifies when deploying contracts on EVM-compatible L2 solutions like Arbitrum and Polygon, which are notably susceptible to re-org attacks. Ethereum, a primary deployment target, has already experienced re-org events.\n\nTo bolster security against re-org threats, developers are advised to use the `create2` method for contract deployments instead of the basic `create`. By using `create2` with a salt that includes `msg.sender`, the contract's address derivation becomes more predictable and less prone to unexpected changes due to re-orgs. This strategy not only provides a more consistent deployment pattern but also minimizes risks associated with potential blockchain reorganizations.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   {\n609:     _surrogate = surrogates[_delegatee];\n610: \n611:     if (address(_surrogate) == address(0)) {\n612:       _surrogate = new DelegationSurrogate(STAKE_TOKEN, _delegatee); // <= FOUND\n613:       surrogates[_delegatee] = _surrogate;\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate));\n615:     }\n616:   }\n\n```\n",
          "loc": [
            "[612](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L612-L612)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Superfluous parameter can only be one value",
      "description": "Using redundant parameters in smart contracts can lead to unnecessary complexity and potential vulnerabilities. When a function parameter is always constrained to a specific value due to an `if` or `require` statement, it renders the parameter superfluous. Including such parameters can be misleading to developers or users, suggesting a flexibility that doesn't exist in reality. Additionally, unnecessary parameters increase the gas cost for transactions. Resolution: Analyze the contract to identify parameters that are rendered static by conditional checks. Remove these parameters from the function signature and update the function logic accordingly. This simplifies the code, reduces gas costs, and enhances clarity and security.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n787:   function _revertIfNotDepositOwner(Deposit storage deposit, address owner) internal view { // <= FOUND\n788:     if (owner != deposit.owner) revert UniStaker__Unauthorized(\"not owner\", owner); // <= FOUND\n789:   }\n\n```\n",
          "loc": [
            "[787](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L787-L788)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use the Modern Upgradeable Contract Paradigm",
      "description": "Modern smart contract development often employs upgradeable contract structures, utilizing proxy patterns like OpenZeppelin’s Upgradeable Contracts. This paradigm separates logic and state, allowing developers to amend and enhance the contract's functionality without altering its state or the deployed contract address. Transitioning to this approach enhances long-term maintainability.\n\n**Resolution**: Adopt a well-established proxy pattern for upgradeability, ensuring proper initialization and employing transparent proxies to mitigate potential risks. Embrace comprehensive testing and audit practices, particularly when updating contract logic, to ensure state consistency and security are preserved across upgrades. This ensures your contract remains robust and adaptable to future requirements.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces \n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner \n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate \n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use a struct to encapsulate multiple function parameters",
      "description": "Using a struct to encapsulate multiple parameters in Solidity functions can significantly enhance code readability and maintainability. Instead of passing a long list of arguments, which can be error-prone and hard to manage, a struct allows grouping related data into a single, coherent entity. This approach simplifies function signatures and makes the code more organized. It also enhances code clarity, as developers can easily understand the relationship between the parameters. Moreover, it aids in future code modifications and expansions, as adding or modifying a parameter only requires changes in the struct definition, rather than in every function that uses these parameters.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount, // <= FOUND\n294:     address _delegatee, // <= FOUND\n295:     address _beneficiary, // <= FOUND\n296:     uint256 _deadline, // <= FOUND\n297:     uint8 _v, // <= FOUND\n298:     bytes32 _r, // <= FOUND\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[293](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L293-L298)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount, // <= FOUND\n317:     address _delegatee, // <= FOUND\n318:     address _beneficiary, // <= FOUND\n319:     address _depositor, // <= FOUND\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId) \n\n```\n",
          "loc": [
            "[316](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L316-L319)"
          ]
        },
        {
          "content": "```solidity\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId, // <= FOUND\n362:     uint256 _amount, // <= FOUND\n363:     uint256 _deadline, // <= FOUND\n364:     uint8 _v, // <= FOUND\n365:     bytes32 _r, // <= FOUND\n366:     bytes32 _s\n367:   ) external \n\n```\n",
          "loc": [
            "[361](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L361-L365)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Using delete instead of setting mapping to 0 saves gas",
      "description": "",
      "gasSavings": 5,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n746:     unclaimedRewardCheckpoint[_beneficiary] = 0; // <= FOUND\n\n```\n",
          "loc": [
            "[746](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L746-L746)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider using a format prettier or forge fmt",
      "description": "Some comments use // X and others //X Amend comments to use only use // X or //X consistently such style inconsistencies can be resolved by running the project through a format prettier or by using forge fmt.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n4: /// // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L4-L4)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Avoid defining a function in a single line including it's contents",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n10:   \n11:   function allowance(address account, address spender) external view returns (uint256); // <= FOUND\n\n```\n",
          "loc": [
            "[10](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L10-L11)"
          ]
        },
        {
          "content": "```solidity\n11:   function approve(address spender, uint256 rawAmount) external returns (bool); // <= FOUND\n\n```\n",
          "loc": [
            "[11](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L11-L11)"
          ]
        },
        {
          "content": "```solidity\n12:   function balanceOf(address account) external view returns (uint256); // <= FOUND\n\n```\n",
          "loc": [
            "[12](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L12-L12)"
          ]
        },
        {
          "content": "```solidity\n13:   function decimals() external view returns (uint8); // <= FOUND\n\n```\n",
          "loc": [
            "[13](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L13-L13)"
          ]
        },
        {
          "content": "```solidity\n14:   function symbol() external view returns (string memory); // <= FOUND\n\n```\n",
          "loc": [
            "[14](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L14-L14)"
          ]
        },
        {
          "content": "```solidity\n15:   function totalSupply() external view returns (uint256); // <= FOUND\n\n```\n",
          "loc": [
            "[15](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L15-L15)"
          ]
        },
        {
          "content": "```solidity\n16:   function transfer(address dst, uint256 rawAmount) external returns (bool); // <= FOUND\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n17:   function transferFrom(address src, address dst, uint256 rawAmount) external returns (bool); // <= FOUND\n\n```\n",
          "loc": [
            "[17](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L17-L17)"
          ]
        },
        {
          "content": "```solidity\n18:   function permit( // <= FOUND\n19:     address owner,\n20:     address spender,\n21:     uint256 rawAmount,\n22:     uint256 deadline,\n23:     uint8 v,\n24:     bytes32 r,\n25:     bytes32 s\n26:   ) external; // <= FOUND\n\n```\n",
          "loc": [
            "[18](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L18-L26)"
          ]
        },
        {
          "content": "```solidity\n29: \n31:   function delegate(address delegatee) external; // <= FOUND\n\n```\n",
          "loc": [
            "[29](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L29-L31)"
          ]
        },
        {
          "content": "```solidity\n30:   function delegates(address) external view returns (address); // <= FOUND\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IERC20Delegates.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n13:   \n15:   function notifyRewardAmount(uint256 _amount) external; // <= FOUND\n\n```\n",
          "loc": [
            "[13](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/INotifiableRewardReceiver.sol#L13-L15)"
          ]
        },
        {
          "content": "```solidity\n13:   \n16:   function owner() external view returns (address); // <= FOUND\n\n```\n",
          "loc": [
            "[13](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L13-L16)"
          ]
        },
        {
          "content": "```solidity\n18: \n22:   function setOwner(address _owner) external; // <= FOUND\n\n```\n",
          "loc": [
            "[18](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L18-L22)"
          ]
        },
        {
          "content": "```solidity\n25: \n31:   function enableFeeAmount(uint24 fee, int24 tickSpacing) external; // <= FOUND\n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L25-L31)"
          ]
        },
        {
          "content": "```solidity\n33: \n40:   function feeAmountTickSpacing(uint24 fee) external view returns (int24); // <= FOUND\n\n```\n",
          "loc": [
            "[33](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L33-L40)"
          ]
        },
        {
          "content": "```solidity\n12:   \n15:   function setFeeProtocol(uint8 feeProtocol0, uint8 feeProtocol1) external; // <= FOUND\n\n```\n",
          "loc": [
            "[12](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3PoolOwnerActions.sol#L12-L15)"
          ]
        },
        {
          "content": "```solidity\n22: \n31:   function collectProtocol(address recipient, uint128 amount0Requested, uint128 amount1Requested) // <= FOUND\n32:     external\n33:     returns (uint128 amount0, uint128 amount1); // <= FOUND\n\n```\n",
          "loc": [
            "[22](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3PoolOwnerActions.sol#L22-L33)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Use 'using' keyword when using specific imports rather than calling the specific import directly",
      "description": "In Solidity, the `using` keyword can streamline the use of library functions for specific types. Instead of calling library functions directly with their full import paths, you can declare a library once with `using` for a specific type. This approach makes your code more readable and concise. For example, instead of `LibraryName.functionName(variable)`, you would first declare `using LibraryName for TypeName;` at the contract level. After this, you can call library functions directly on variables of `TypeName` like `variable.functionName()`. This method not only enhances code clarity but also promotes cleaner and more organized code, especially when multiple functions from the same library are used frequently.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND 'SafeERC20.'\n\n```\n",
          "loc": [
            "[624](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L624-L624)"
          ]
        },
        {
          "content": "```solidity\n749: \n750:     SafeERC20.safeTransfer(REWARD_TOKEN, _beneficiary, _reward); // <= FOUND 'SafeERC20.'\n\n```\n",
          "loc": [
            "[749](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L749-L750)"
          ]
        },
        {
          "content": "```solidity\n807:     bool _isValid = SignatureChecker.isValidSignatureNow(_signer, _hash, _signature); // <= FOUND 'SignatureChecker.'\n\n```\n",
          "loc": [
            "[807](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L807-L807)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Avoid revertible function calls in a constructor",
      "description": "It is advisable to to perform validation within the constructor itself rather than in function calls it makes. This is because contract deployement may be performed through a frontend or manually so by having all of the validation conditions viewable in a single place allows for greater transparency during deployment for both the team and project users.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken;\n194:     STAKE_TOKEN = _stakeToken;\n195:     _setAdmin(_admin); // <= FOUND\n196:   }\n\n```\n",
          "loc": [
            "[195](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L195-L195)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Upgradeable contract uses non-upgradeable version of the OpenZeppelin libraries/contracts",
      "description": "Using the upgradeable counterpart of the OpenZeppelin (OZ) library in Solidity is beneficial for creating contracts that can be updated in the future. OpenZeppelin's upgradeable contracts library is designed with proxy patterns in mind, which allow the logic of contracts to be upgraded while preserving the contract's state and address. This can be crucial for long-lived contracts where future requirements or improvements may not be fully known at the time of deployment. The upgradeable OZ contracts also include protection against a class of vulnerabilities related to initialization of storage variables in upgradeable contracts. Hence, it's a good idea to use them when developing contracts that may need to be upgraded in the future, as they provide a solid foundation for secure and upgradeable smart contracts.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[7](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L7-L7)"
          ]
        },
        {
          "content": "```solidity\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L8-L8)"
          ]
        },
        {
          "content": "```solidity\n11: import {SignatureChecker} from \"openzeppelin/utils/cryptography/SignatureChecker.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[11](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L11-L11)"
          ]
        },
        {
          "content": "```solidity\n9: import {Multicall} from \"openzeppelin/utils/Multicall.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[9](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L9-L9)"
          ]
        },
        {
          "content": "```solidity\n12: import {EIP712} from \"openzeppelin/utils/cryptography/EIP712.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[12](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L12-L12)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "All verbatim blocks are considered identical by deduplicator and can incorrectly be unified",
      "description": "The Solidity Team reported a bug on October 24, 2023, affecting Yul code using the verbatim builtin, specifically in the Block Deduplicator optimizer step. This bug, present since Solidity version 0.8.5, caused incorrect deduplication of verbatim assembly items surrounded by identical opcodes, considering them identical regardless of their data. The bug was confined to pure Yul compilation with optimization enabled and was unlikely to be exploited as an attack vector. The conditions triggering the bug were very specific, and its occurrence was deemed to have a low likelihood. The bug was rated with an overall low score due to these factors. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n2: pragma solidity 0.8.23; // <= FOUND\n\n```\n",
          "loc": [
            "[2](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L2-L2)"
          ]
        },
        {
          "content": "```solidity\n2: pragma solidity ^0.8.23; // <= FOUND\n\n```\n",
          "loc": [
            "[2](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L2-L2)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Constructors should emit an event",
      "description": "Emitting an event in a constructor of a smart contract provides transparency and traceability in blockchain applications. This event logs the contract’s creation, aiding in monitoring and verifying contract deployment. Although constructors are executed only once, the emitted event ensures the contract's initialization is recorded on the blockchain.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin) // <= FOUND\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken;\n194:     STAKE_TOKEN = _stakeToken;\n195:     _setAdmin(_admin);\n196:   }\n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L190)"
          ]
        },
        {
          "content": "```solidity\n25:   constructor(IERC20Delegates _token, address _delegatee) { // <= FOUND\n26:     _token.delegate(_delegatee);\n27:     _token.approve(msg.sender, type(uint256).max);\n28:   }\n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L25-L25)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Avoid single line non empty object declarations",
      "description": "In programming, avoiding single-line, non-empty object declarations enhances readability and maintainability. When properties are declared in a single line, it becomes challenging to scan and differentiate between them, especially as the object grows. Multi-line declarations improve clarity, making it easier to add, remove, or modify properties and to track changes in version control systems.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n4: import {DelegationSurrogate} from \"src/DelegationSurrogate.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L4-L4)"
          ]
        },
        {
          "content": "```solidity\n5: import {INotifiableRewardReceiver} from \"src/interfaces/INotifiableRewardReceiver.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L5-L5)"
          ]
        },
        {
          "content": "```solidity\n6: import {IERC20Delegates} from \"src/interfaces/IERC20Delegates.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[6](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L6-L6)"
          ]
        },
        {
          "content": "```solidity\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[7](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L7-L7)"
          ]
        },
        {
          "content": "```solidity\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L8-L8)"
          ]
        },
        {
          "content": "```solidity\n9: import {Multicall} from \"openzeppelin/utils/Multicall.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[9](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L9-L9)"
          ]
        },
        {
          "content": "```solidity\n10: import {Nonces} from \"openzeppelin/utils/Nonces.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[10](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L10-L10)"
          ]
        },
        {
          "content": "```solidity\n11: import {SignatureChecker} from \"openzeppelin/utils/cryptography/SignatureChecker.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[11](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L11-L11)"
          ]
        },
        {
          "content": "```solidity\n12: import {EIP712} from \"openzeppelin/utils/cryptography/EIP712.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[12](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L12-L12)"
          ]
        },
        {
          "content": "```solidity\n4: import {IUniswapV3PoolOwnerActions} from \"src/interfaces/IUniswapV3PoolOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[4](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L4-L4)"
          ]
        },
        {
          "content": "```solidity\n5: import {IUniswapV3FactoryOwnerActions} from \"src/interfaces/IUniswapV3FactoryOwnerActions.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[5](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L5-L5)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider validating all user inputs",
      "description": "Validating user inputs in external and public functions is a critical security practice in smart contract development. This approach prevents malicious or erroneous data from compromising contract integrity or behavior. By checking inputs against expected formats, ranges, or conditions before processing, contracts can avoid common vulnerabilities like reentrancy, overflow/underflow, and unauthorized access. ",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n210:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external { // <= FOUND\n211:     _revertIfNotAdmin(); // <= FOUND\n212:     isRewardNotifier[_rewardNotifier] = _isEnabled; // <= FOUND\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled); // <= FOUND\n214:   }\n\n```\n",
          "loc": [
            "[210](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L210-L213)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) { // <= FOUND\n242:     return unclaimedRewardCheckpoint[_beneficiary] // <= FOUND\n243:       + (\n244:         earningPower[_beneficiary] // <= FOUND\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary]) // <= FOUND\n246:       ) / SCALE_FACTOR;\n247:   }\n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L245)"
          ]
        },
        {
          "content": "```solidity\n256:   function stake(uint256 _amount, address _delegatee) // <= FOUND\n257:     external\n258:     returns (DepositIdentifier _depositId) // <= FOUND\n259:   {\n260:     _depositId = _stake(msg.sender, _amount, _delegatee, msg.sender); // <= FOUND\n261:   }\n\n```\n",
          "loc": [
            "[256](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L256-L260)"
          ]
        },
        {
          "content": "```solidity\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary) // <= FOUND\n272:     external\n273:     returns (DepositIdentifier _depositId) // <= FOUND\n274:   {\n275:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary); // <= FOUND\n276:   }\n\n```\n",
          "loc": [
            "[271](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L271-L275)"
          ]
        },
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount, // <= FOUND\n294:     address _delegatee, // <= FOUND\n295:     address _beneficiary, // <= FOUND\n296:     uint256 _deadline, // <= FOUND\n297:     uint8 _v, // <= FOUND\n298:     bytes32 _r, // <= FOUND\n299:     bytes32 _s // <= FOUND\n300:   ) external returns (DepositIdentifier _depositId) { // <= FOUND\n301:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s); // <= FOUND\n302:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary); // <= FOUND\n303:   }\n\n```\n",
          "loc": [
            "[292](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L292-L302)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount, // <= FOUND\n317:     address _delegatee, // <= FOUND\n318:     address _beneficiary, // <= FOUND\n319:     address _depositor, // <= FOUND\n320:     bytes memory _signature // <= FOUND\n321:   ) external returns (DepositIdentifier _depositId) { // <= FOUND\n322:     _revertIfSignatureIsNotValidNow( // <= FOUND\n323:       _depositor, // <= FOUND\n324:       _hashTypedDataV4( // <= FOUND\n325:         keccak256(\n326:           abi.encode(\n327:             STAKE_TYPEHASH, _amount, _delegatee, _beneficiary, _depositor, _useNonce(_depositor) // <= FOUND\n328:           )\n329:         )\n330:       ),\n331:       _signature // <= FOUND\n332:     );\n333:     _depositId = _stake(_depositor, _amount, _delegatee, _beneficiary); // <= FOUND\n334:   }\n\n```\n",
          "loc": [
            "[315](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L315-L333)"
          ]
        },
        {
          "content": "```solidity\n342:   function stakeMore(DepositIdentifier _depositId, uint256 _amount) external { // <= FOUND\n343:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n344:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n345:     _stakeMore(deposit, _depositId, _amount); // <= FOUND\n346:   }\n\n```\n",
          "loc": [
            "[342](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L342-L345)"
          ]
        },
        {
          "content": "```solidity\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId, // <= FOUND\n362:     uint256 _amount, // <= FOUND\n363:     uint256 _deadline, // <= FOUND\n364:     uint8 _v, // <= FOUND\n365:     bytes32 _r, // <= FOUND\n366:     bytes32 _s // <= FOUND\n367:   ) external {\n368:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n369:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n370: \n371:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s); // <= FOUND\n372:     _stakeMore(deposit, _depositId, _amount); // <= FOUND\n373:   }\n\n```\n",
          "loc": [
            "[360](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L360-L372)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId, // <= FOUND\n384:     uint256 _amount, // <= FOUND\n385:     address _depositor, // <= FOUND\n386:     bytes memory _signature // <= FOUND\n387:   ) external {\n388:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n389:     _revertIfNotDepositOwner(deposit, _depositor); // <= FOUND\n390: \n391:     _revertIfSignatureIsNotValidNow( // <= FOUND\n392:       _depositor, // <= FOUND\n393:       _hashTypedDataV4( // <= FOUND\n394:         keccak256(\n395:           abi.encode(STAKE_MORE_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor)) // <= FOUND\n396:         )\n397:       ),\n398:       _signature // <= FOUND\n399:     );\n400: \n401:     _stakeMore(deposit, _depositId, _amount); // <= FOUND\n402:   }\n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L401)"
          ]
        },
        {
          "content": "```solidity\n410:   function alterDelegatee(DepositIdentifier _depositId, address _newDelegatee) external { // <= FOUND\n411:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n412:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n413:     _alterDelegatee(deposit, _depositId, _newDelegatee); // <= FOUND\n414:   }\n\n```\n",
          "loc": [
            "[410](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L410-L413)"
          ]
        },
        {
          "content": "```solidity\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId, // <= FOUND\n425:     address _newDelegatee, // <= FOUND\n426:     address _depositor, // <= FOUND\n427:     bytes memory _signature // <= FOUND\n428:   ) external {\n429:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n430:     _revertIfNotDepositOwner(deposit, _depositor); // <= FOUND\n431: \n432:     _revertIfSignatureIsNotValidNow( // <= FOUND\n433:       _depositor, // <= FOUND\n434:       _hashTypedDataV4( // <= FOUND\n435:         keccak256(\n436:           abi.encode(\n437:             ALTER_DELEGATEE_TYPEHASH, _depositId, _newDelegatee, _depositor, _useNonce(_depositor) // <= FOUND\n438:           )\n439:         )\n440:       ),\n441:       _signature // <= FOUND\n442:     );\n443: \n444:     _alterDelegatee(deposit, _depositId, _newDelegatee); // <= FOUND\n445:   }\n\n```\n",
          "loc": [
            "[423](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L423-L444)"
          ]
        },
        {
          "content": "```solidity\n453:   function alterBeneficiary(DepositIdentifier _depositId, address _newBeneficiary) external { // <= FOUND\n454:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n455:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n456:     _alterBeneficiary(deposit, _depositId, _newBeneficiary); // <= FOUND\n457:   }\n\n```\n",
          "loc": [
            "[453](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L453-L456)"
          ]
        },
        {
          "content": "```solidity\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId, // <= FOUND\n468:     address _newBeneficiary, // <= FOUND\n469:     address _depositor, // <= FOUND\n470:     bytes memory _signature // <= FOUND\n471:   ) external {\n472:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n473:     _revertIfNotDepositOwner(deposit, _depositor); // <= FOUND\n474: \n475:     _revertIfSignatureIsNotValidNow( // <= FOUND\n476:       _depositor, // <= FOUND\n477:       _hashTypedDataV4( // <= FOUND\n478:         keccak256(\n479:           abi.encode(\n480:             ALTER_BENEFICIARY_TYPEHASH,\n481:             _depositId, // <= FOUND\n482:             _newBeneficiary, // <= FOUND\n483:             _depositor, // <= FOUND\n484:             _useNonce(_depositor) // <= FOUND\n485:           )\n486:         )\n487:       ),\n488:       _signature // <= FOUND\n489:     );\n490: \n491:     _alterBeneficiary(deposit, _depositId, _newBeneficiary); // <= FOUND\n492:   }\n\n```\n",
          "loc": [
            "[466](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L466-L491)"
          ]
        },
        {
          "content": "```solidity\n499:   function withdraw(DepositIdentifier _depositId, uint256 _amount) external { // <= FOUND\n500:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n501:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n502:     _withdraw(deposit, _depositId, _amount); // <= FOUND\n503:   }\n\n```\n",
          "loc": [
            "[499](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L499-L502)"
          ]
        },
        {
          "content": "```solidity\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId, // <= FOUND\n514:     uint256 _amount, // <= FOUND\n515:     address _depositor, // <= FOUND\n516:     bytes memory _signature // <= FOUND\n517:   ) external {\n518:     Deposit storage deposit = deposits[_depositId]; // <= FOUND\n519:     _revertIfNotDepositOwner(deposit, _depositor); // <= FOUND\n520: \n521:     _revertIfSignatureIsNotValidNow( // <= FOUND\n522:       _depositor, // <= FOUND\n523:       _hashTypedDataV4( // <= FOUND\n524:         keccak256(\n525:           abi.encode(WITHDRAW_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor)) // <= FOUND\n526:         )\n527:       ),\n528:       _signature // <= FOUND\n529:     );\n530: \n531:     _withdraw(deposit, _depositId, _amount); // <= FOUND\n532:   }\n\n```\n",
          "loc": [
            "[512](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L512-L531)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external { // <= FOUND\n545:     _revertIfSignatureIsNotValidNow( // <= FOUND\n546:       _beneficiary, // <= FOUND\n547:       _hashTypedDataV4( // <= FOUND\n548:         keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _beneficiary, _useNonce(_beneficiary))) // <= FOUND\n549:       ),\n550:       _signature // <= FOUND\n551:     );\n552:     _claimReward(_beneficiary); // <= FOUND\n553:   }\n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L552)"
          ]
        },
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external { // <= FOUND\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender);\n572: \n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp); // <= FOUND\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate();\n588: \n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance();\n597: \n598:     emit RewardNotified(_amount, msg.sender); // <= FOUND\n599:   }\n\n```\n",
          "loc": [
            "[570](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L598)"
          ]
        },
        {
          "content": "```solidity\n131:   function enableFeeAmount(uint24 _fee, int24 _tickSpacing) external { // <= FOUND\n132:     _revertIfNotAdmin(); // <= FOUND\n133:     FACTORY.enableFeeAmount(_fee, _tickSpacing); // <= FOUND\n134:   }\n\n```\n",
          "loc": [
            "[131](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L131-L133)"
          ]
        },
        {
          "content": "```solidity\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool, // <= FOUND\n144:     uint8 _feeProtocol0, // <= FOUND\n145:     uint8 _feeProtocol1 // <= FOUND\n146:   ) external {\n147:     _revertIfNotAdmin(); // <= FOUND\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1); // <= FOUND\n149:   }\n\n```\n",
          "loc": [
            "[142](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L142-L148)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool, // <= FOUND\n183:     address _recipient, // <= FOUND\n184:     uint128 _amount0Requested, // <= FOUND\n185:     uint128 _amount1Requested // <= FOUND\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount);\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) = // <= FOUND\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested); // <= FOUND\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) { // <= FOUND\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1); // <= FOUND\n197:     return (_amount0, _amount1); // <= FOUND\n198:   }\n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L197)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Consider using named returns",
      "description": "Using named returns in Solidity functions enhances code readability and clarity. By explicitly naming return variables in the function signature, developers can document what each return value represents, making the code easier to understand and maintain. This practice can also slightly optimize gas usage by avoiding extra variable declarations.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256)  // <= FOUND\n\n```\n",
          "loc": [
            "[220](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L220-L220)"
          ]
        },
        {
          "content": "```solidity\n229:   function rewardPerTokenAccumulated() public view returns (uint256)  // <= FOUND\n\n```\n",
          "loc": [
            "[229](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L229-L229)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256)  // <= FOUND\n\n```\n",
          "loc": [
            "[241](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L241-L241)"
          ]
        },
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v,\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId)  // <= FOUND\n\n```\n",
          "loc": [
            "[300](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L300-L300)"
          ]
        },
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId) // <= FOUND\n641:   \n\n```\n",
          "loc": [
            "[640](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L640-L640)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128)  // <= FOUND\n\n```\n",
          "loc": [
            "[186](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L186-L186)"
          ]
        },
        {
          "content": "```solidity\n271:   function stake(uint256 _amount, address _delegatee, address _beneficiary)\n272:     external\n273:     returns (DepositIdentifier _depositId) // <= FOUND\n274:   \n\n```\n",
          "loc": [
            "[273](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L273-L273)"
          ]
        },
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature\n321:   ) external returns (DepositIdentifier _depositId)  // <= FOUND\n\n```\n",
          "loc": [
            "[321](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L321-L321)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Errors should have parameters",
      "description": "In Solidity, custom errors with parameters offer a gas-efficient way to convey detailed information about issues encountered during contract execution. Unlike revert messages, which are strings consuming more gas, custom errors defined with parameters allow developers to specify types and details of errors succinctly. This method enhances debugging, provides clearer insights into contract failures, and improves the developer's and end-user's understanding of what went wrong, all while optimizing for gas usage and maintaining contract efficiency.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n76: \n78:   error UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[76](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L76-L78)"
          ]
        },
        {
          "content": "```solidity\n81: \n85:   error UniStaker__InsufficientRewardBalance(); // <= FOUND\n\n```\n",
          "loc": [
            "[81](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L81-L85)"
          ]
        },
        {
          "content": "```solidity\n84: \n86:   error UniStaker__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[84](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L84-L86)"
          ]
        },
        {
          "content": "```solidity\n87: \n89:   error UniStaker__InvalidSignature(); // <= FOUND\n\n```\n",
          "loc": [
            "[87](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L87-L89)"
          ]
        },
        {
          "content": "```solidity\n54: \n56:   error V3FactoryOwner__Unauthorized(); // <= FOUND\n\n```\n",
          "loc": [
            "[54](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L54-L56)"
          ]
        },
        {
          "content": "```solidity\n57: \n59:   error V3FactoryOwner__InvalidAddress(); // <= FOUND\n\n```\n",
          "loc": [
            "[57](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L57-L59)"
          ]
        },
        {
          "content": "```solidity\n60: \n62:   error V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[60](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L60-L62)"
          ]
        },
        {
          "content": "```solidity\n63: \n65:   error V3FactoryOwner__InsufficientFeesCollected(); // <= FOUND\n\n```\n",
          "loc": [
            "[63](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L63-L65)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "Avoid using 'owner' or '_owner' as a parameter name",
      "description": "Using 'owner' or '_owner' as a parameter name in functions, especially in contracts inheriting from or interacting with OpenZeppelin's `Ownable` contract, can lead to confusion and potential bugs. These contracts often have a state variable named `owner`, managed by the `Ownable` pattern for access control. Using the same name for function parameters may obscure the contract's `owner` state variable, complicating code readability and maintenance. Prefer alternative descriptive names for parameters to maintain clarity and prevent conflicts with established ownership patterns.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n787:   function _revertIfNotDepositOwner(Deposit storage deposit, address owner) internal view  // <= FOUND\n\n```\n",
          "loc": [
            "[787](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L787-L787)"
          ]
        }
      ]
    },
    {
      "severity": "NonCritical",
      "title": "ERC777 tokens can introduce reentrancy risks",
      "description": "ERC777 is an advanced token standard that introduces hooks, allowing operators to execute additional logic during transfers. While this feature offers greater flexibility, it also opens up the possibility of reentrancy attacks. Specifically, when tokens are sent, the receiving contract's `tokensReceived` hook gets called, and this external call can execute arbitrary code. An attacker can exploit this feature to re-enter the original function, potentially leading to double-spending or other types of financial manipulation.\n\nTo mitigate reentrancy risks with ERC777, it's crucial to adopt established security measures, such as utilizing reentrancy guards or following the check-effects-interactions pattern. Some developers opt to stick with the simpler ERC20 standard, which does not have these hooks, to minimize this risk. If you do choose to use ERC777, extreme caution and thorough auditing are advised to secure against potential reentrancy vulnerabilities.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n623:   function _stakeTokenSafeTransferFrom(address _from, address _to, uint256 _value) internal { // <= FOUND\n624:     SafeERC20.safeTransferFrom(IERC20(address(STAKE_TOKEN)), _from, _to, _value); // <= FOUND\n625:   }\n\n```\n",
          "loc": [
            "[623](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L623-L624)"
          ]
        },
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount;\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount); // <= FOUND\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount);\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary);\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee);\n664:   }\n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L660)"
          ]
        },
        {
          "content": "```solidity\n669:   function _stakeMore(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n670:     internal\n671:   {\n672:     _checkpointGlobalReward();\n673:     _checkpointReward(deposit.beneficiary);\n674: \n675:     DelegationSurrogate _surrogate = surrogates[deposit.delegatee];\n676: \n677:     totalStaked += _amount;\n678:     depositorTotalStaked[deposit.owner] += _amount;\n679:     earningPower[deposit.beneficiary] += _amount;\n680:     deposit.balance += _amount;\n681:     _stakeTokenSafeTransferFrom(deposit.owner, address(_surrogate), _amount); // <= FOUND\n682:     emit StakeDeposited(deposit.owner, _depositId, _amount, deposit.balance);\n683:   }\n\n```\n",
          "loc": [
            "[669](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L669-L681)"
          ]
        },
        {
          "content": "```solidity\n688:   function _alterDelegatee(\n689:     Deposit storage deposit,\n690:     DepositIdentifier _depositId,\n691:     address _newDelegatee\n692:   ) internal {\n693:     _revertIfAddressZero(_newDelegatee);\n694:     DelegationSurrogate _oldSurrogate = surrogates[deposit.delegatee];\n695:     emit DelegateeAltered(_depositId, deposit.delegatee, _newDelegatee);\n696:     deposit.delegatee = _newDelegatee;\n697:     DelegationSurrogate _newSurrogate = _fetchOrDeploySurrogate(_newDelegatee);\n698:     _stakeTokenSafeTransferFrom(address(_oldSurrogate), address(_newSurrogate), deposit.balance); // <= FOUND\n699:   }\n\n```\n",
          "loc": [
            "[688](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L688-L698)"
          ]
        },
        {
          "content": "```solidity\n723:   function _withdraw(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n724:     internal\n725:   {\n726:     _checkpointGlobalReward();\n727:     _checkpointReward(deposit.beneficiary);\n728: \n729:     deposit.balance -= _amount; \n730:     totalStaked -= _amount;\n731:     depositorTotalStaked[deposit.owner] -= _amount;\n732:     earningPower[deposit.beneficiary] -= _amount;\n733:     _stakeTokenSafeTransferFrom(address(surrogates[deposit.delegatee]), deposit.owner, _amount); // <= FOUND\n734:     emit StakeWithdrawn(_depositId, _amount, deposit.balance);\n735:   }\n\n```\n",
          "loc": [
            "[723](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L723-L733)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested,\n185:     uint128 _amount1Requested\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount); // <= FOUND\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) =\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[181](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L181-L187)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "It is more efficient to use block.timestamp directly rather than calling a function to return it",
      "description": "Creating a function to return block.timestamp is gas inefficient due to the overhead of function storage and execution, while directly accessing block.timestamp in your contract code or as a function argument is a more gas-efficient alternative.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256) {\n221:     if (rewardEndTime <= block.timestamp) return rewardEndTime;\n222:     else return block.timestamp; // <= FOUND\n223:   }\n\n```\n",
          "loc": [
            "[222](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L222-L222)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "x + y is more efficient than using += for state variables (likewise for -=)",
      "description": "In instances found where either += or -= are used against state variables use x = x + y instead",
      "gasSavings": 15,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount; // <= FOUND\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount);\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount);\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary);\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee);\n664:   }\n\n```\n",
          "loc": [
            "[651](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L651-L651)"
          ]
        },
        {
          "content": "```solidity\n669:   function _stakeMore(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n670:     internal\n671:   {\n672:     _checkpointGlobalReward();\n673:     _checkpointReward(deposit.beneficiary);\n674: \n675:     DelegationSurrogate _surrogate = surrogates[deposit.delegatee];\n676: \n677:     totalStaked += _amount; // <= FOUND\n678:     depositorTotalStaked[deposit.owner] += _amount;\n679:     earningPower[deposit.beneficiary] += _amount;\n680:     deposit.balance += _amount;\n681:     _stakeTokenSafeTransferFrom(deposit.owner, address(_surrogate), _amount);\n682:     emit StakeDeposited(deposit.owner, _depositId, _amount, deposit.balance);\n683:   }\n\n```\n",
          "loc": [
            "[677](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L677-L677)"
          ]
        },
        {
          "content": "```solidity\n723:   function _withdraw(Deposit storage deposit, DepositIdentifier _depositId, uint256 _amount)\n724:     internal\n725:   {\n726:     _checkpointGlobalReward();\n727:     _checkpointReward(deposit.beneficiary);\n728: \n729:     deposit.balance -= _amount; \n730:     totalStaked -= _amount; // <= FOUND\n731:     depositorTotalStaked[deposit.owner] -= _amount;\n732:     earningPower[deposit.beneficiary] -= _amount;\n733:     _stakeTokenSafeTransferFrom(address(surrogates[deposit.delegatee]), deposit.owner, _amount);\n734:     emit StakeWithdrawn(_depositId, _amount, deposit.balance);\n735:   }\n\n```\n",
          "loc": [
            "[730](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L730-L730)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Calldata should be used in place of memory function parameters when not mutated",
      "description": "In Solidity, `calldata` should be used in place of `memory` for function parameters when the function is `external`. This is because `calldata` is a non-modifiable, non-persistent area where function arguments are stored, and it's cheaper in terms of gas than `memory`. It's especially efficient for arrays and complex data types. `calldata` provides a gas-efficient way to pass data in external function calls, whereas `memory` is a temporary space that's erased between external function calls. This distinction is crucial for optimizing smart contracts for gas usage and performance.",
      "gasSavings": 78,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n315:   function stakeOnBehalf(\n316:     uint256 _amount,\n317:     address _delegatee,\n318:     address _beneficiary,\n319:     address _depositor,\n320:     bytes memory _signature // <= FOUND\n321:   ) external returns (DepositIdentifier _depositId) {\n322:     _revertIfSignatureIsNotValidNow(\n323:       _depositor,\n324:       _hashTypedDataV4(\n325:         keccak256(\n326:           abi.encode(\n327:             STAKE_TYPEHASH, _amount, _delegatee, _beneficiary, _depositor, _useNonce(_depositor)\n328:           )\n329:         )\n330:       ),\n331:       _signature // <= FOUND\n332:     );\n333:     _depositId = _stake(_depositor, _amount, _delegatee, _beneficiary);\n334:   }\n\n```\n",
          "loc": [
            "[315](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L315-L331)"
          ]
        },
        {
          "content": "```solidity\n382:   function stakeMoreOnBehalf(\n383:     DepositIdentifier _depositId,\n384:     uint256 _amount,\n385:     address _depositor,\n386:     bytes memory _signature // <= FOUND\n387:   ) external {\n388:     Deposit storage deposit = deposits[_depositId];\n389:     _revertIfNotDepositOwner(deposit, _depositor);\n390: \n391:     _revertIfSignatureIsNotValidNow(\n392:       _depositor,\n393:       _hashTypedDataV4(\n394:         keccak256(\n395:           abi.encode(STAKE_MORE_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n396:         )\n397:       ),\n398:       _signature // <= FOUND\n399:     );\n400: \n401:     _stakeMore(deposit, _depositId, _amount);\n402:   }\n\n```\n",
          "loc": [
            "[382](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L382-L398)"
          ]
        },
        {
          "content": "```solidity\n423:   function alterDelegateeOnBehalf(\n424:     DepositIdentifier _depositId,\n425:     address _newDelegatee,\n426:     address _depositor,\n427:     bytes memory _signature // <= FOUND\n428:   ) external {\n429:     Deposit storage deposit = deposits[_depositId];\n430:     _revertIfNotDepositOwner(deposit, _depositor);\n431: \n432:     _revertIfSignatureIsNotValidNow(\n433:       _depositor,\n434:       _hashTypedDataV4(\n435:         keccak256(\n436:           abi.encode(\n437:             ALTER_DELEGATEE_TYPEHASH, _depositId, _newDelegatee, _depositor, _useNonce(_depositor)\n438:           )\n439:         )\n440:       ),\n441:       _signature // <= FOUND\n442:     );\n443: \n444:     _alterDelegatee(deposit, _depositId, _newDelegatee);\n445:   }\n\n```\n",
          "loc": [
            "[423](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L423-L441)"
          ]
        },
        {
          "content": "```solidity\n466:   function alterBeneficiaryOnBehalf(\n467:     DepositIdentifier _depositId,\n468:     address _newBeneficiary,\n469:     address _depositor,\n470:     bytes memory _signature // <= FOUND\n471:   ) external {\n472:     Deposit storage deposit = deposits[_depositId];\n473:     _revertIfNotDepositOwner(deposit, _depositor);\n474: \n475:     _revertIfSignatureIsNotValidNow(\n476:       _depositor,\n477:       _hashTypedDataV4(\n478:         keccak256(\n479:           abi.encode(\n480:             ALTER_BENEFICIARY_TYPEHASH,\n481:             _depositId,\n482:             _newBeneficiary,\n483:             _depositor,\n484:             _useNonce(_depositor)\n485:           )\n486:         )\n487:       ),\n488:       _signature // <= FOUND\n489:     );\n490: \n491:     _alterBeneficiary(deposit, _depositId, _newBeneficiary);\n492:   }\n\n```\n",
          "loc": [
            "[466](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L466-L488)"
          ]
        },
        {
          "content": "```solidity\n512:   function withdrawOnBehalf(\n513:     DepositIdentifier _depositId,\n514:     uint256 _amount,\n515:     address _depositor,\n516:     bytes memory _signature // <= FOUND\n517:   ) external {\n518:     Deposit storage deposit = deposits[_depositId];\n519:     _revertIfNotDepositOwner(deposit, _depositor);\n520: \n521:     _revertIfSignatureIsNotValidNow(\n522:       _depositor,\n523:       _hashTypedDataV4(\n524:         keccak256(\n525:           abi.encode(WITHDRAW_TYPEHASH, _depositId, _amount, _depositor, _useNonce(_depositor))\n526:         )\n527:       ),\n528:       _signature // <= FOUND\n529:     );\n530: \n531:     _withdraw(deposit, _depositId, _amount);\n532:   }\n\n```\n",
          "loc": [
            "[512](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L512-L528)"
          ]
        },
        {
          "content": "```solidity\n544:   function claimRewardOnBehalf(address _beneficiary, bytes memory _signature) external { // <= FOUND\n545:     _revertIfSignatureIsNotValidNow(\n546:       _beneficiary,\n547:       _hashTypedDataV4(\n548:         keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _beneficiary, _useNonce(_beneficiary)))\n549:       ),\n550:       _signature // <= FOUND\n551:     );\n552:     _claimReward(_beneficiary);\n553:   }\n\n```\n",
          "loc": [
            "[544](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L544-L550)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Usage of smaller uint/int types causes overhead",
      "description": "When using a smaller int/uint type it first needs to be converted to it's 258 bit counterpart to be operated, this increases the gass cost and thus should be avoided. However it does make sense to use smaller int/uint values within structs provided you pack the struct properly.",
      "gasSavings": 275,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n292:   function permitAndStake(\n293:     uint256 _amount,\n294:     address _delegatee,\n295:     address _beneficiary,\n296:     uint256 _deadline,\n297:     uint8 _v, // <= FOUND\n298:     bytes32 _r,\n299:     bytes32 _s\n300:   ) external returns (DepositIdentifier _depositId) {\n301:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n302:     _depositId = _stake(msg.sender, _amount, _delegatee, _beneficiary);\n303:   }\n\n```\n",
          "loc": [
            "[297](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L297-L297)"
          ]
        },
        {
          "content": "```solidity\n360:   function permitAndStakeMore(\n361:     DepositIdentifier _depositId,\n362:     uint256 _amount,\n363:     uint256 _deadline,\n364:     uint8 _v, // <= FOUND\n365:     bytes32 _r,\n366:     bytes32 _s\n367:   ) external {\n368:     Deposit storage deposit = deposits[_depositId];\n369:     _revertIfNotDepositOwner(deposit, msg.sender);\n370: \n371:     STAKE_TOKEN.permit(msg.sender, address(this), _amount, _deadline, _v, _r, _s);\n372:     _stakeMore(deposit, _depositId, _amount);\n373:   }\n\n```\n",
          "loc": [
            "[364](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L364-L364)"
          ]
        },
        {
          "content": "```solidity\n142:   function setFeeProtocol(\n143:     IUniswapV3PoolOwnerActions _pool,\n144:     uint8 _feeProtocol0, // <= FOUND\n145:     uint8 _feeProtocol1 // <= FOUND\n146:   ) external {\n147:     _revertIfNotAdmin();\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1);\n149:   }\n\n```\n",
          "loc": [
            "[144](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L144-L145)"
          ]
        },
        {
          "content": "```solidity\n131:   function enableFeeAmount(uint24 _fee, int24 _tickSpacing) external { // <= FOUND\n132:     _revertIfNotAdmin();\n133:     FACTORY.enableFeeAmount(_fee, _tickSpacing);\n134:   }\n\n```\n",
          "loc": [
            "[131](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L131-L131)"
          ]
        },
        {
          "content": "```solidity\n181:   function claimFees(\n182:     IUniswapV3PoolOwnerActions _pool,\n183:     address _recipient,\n184:     uint128 _amount0Requested, // <= FOUND\n185:     uint128 _amount1Requested // <= FOUND\n186:   ) external returns (uint128, uint128) {\n187:     PAYOUT_TOKEN.safeTransferFrom(msg.sender, address(REWARD_RECEIVER), payoutAmount);\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount);\n189:     (uint128 _amount0, uint128 _amount1) = // <= FOUND\n190:       _pool.collectProtocol(_recipient, _amount0Requested, _amount1Requested);\n191: \n193:     if (_amount0 < _amount0Requested || _amount1 < _amount1Requested) {\n194:       revert V3FactoryOwner__InsufficientFeesCollected();\n195:     }\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1);\n197:     return (_amount0, _amount1);\n198:   }\n\n```\n",
          "loc": [
            "[184](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L184-L189)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly to check for the zero address",
      "description": "\nUsing assembly for address comparisons in Solidity can save gas because it allows for more direct access to the Ethereum Virtual Machine (EVM), reducing the overhead of higher-level operations. Solidity's high-level abstraction simplifies coding but can introduce additional gas costs. Using assembly for simple operations like address comparisons can be more gas-efficient.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   {\n609:     _surrogate = surrogates[_delegatee];\n610: \n611:     if (address(_surrogate) == address(0)) { // <= FOUND\n612:       _surrogate = new DelegationSurrogate(STAKE_TOKEN, _delegatee);\n613:       surrogates[_delegatee] = _surrogate;\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate));\n615:     }\n616:   }\n\n```\n",
          "loc": [
            "[605](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L605-L611)"
          ]
        },
        {
          "content": "```solidity\n794:   function _revertIfAddressZero(address _account) internal pure {\n795:     if (_account == address(0)) revert UniStaker__InvalidAddress(); // <= FOUND\n796:   }\n\n```\n",
          "loc": [
            "[794](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L794-L795)"
          ]
        },
        {
          "content": "```solidity\n110:   function setAdmin(address _newAdmin) external {\n111:     _revertIfNotAdmin();\n112:     if (_newAdmin == address(0)) revert V3FactoryOwner__InvalidAddress(); // <= FOUND\n113:     emit AdminSet(admin, _newAdmin);\n114:     admin = _newAdmin;\n115:   }\n\n```\n",
          "loc": [
            "[110](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L110-L112)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Divisions which do not divide by -X cannot overflow or overflow so such operations can be unchecked to save gas",
      "description": "Make such found divisions are unchecked when ensured it is safe to do so",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external {\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender);\n572: \n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp);\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n588: \n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance();\n597: \n598:     emit RewardNotified(_amount, msg.sender);\n599:   }\n\n```\n",
          "loc": [
            "[578](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L578-L587)"
          ]
        },
        {
          "content": "```solidity\n241:   function unclaimedReward(address _beneficiary) public view returns (uint256) {\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary])\n246:       ) / SCALE_FACTOR; // <= FOUND\n247:   }\n\n```\n",
          "loc": [
            "[246](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L246-L246)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Redundant state variable getters",
      "description": "Getters for public state variables are automatically generated so there is no need to code them manually and lose gas",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n220:   function lastTimeRewardDistributed() public view returns (uint256) {\n221:     if (rewardEndTime <= block.timestamp) return rewardEndTime; // <= FOUND\n222:     else return block.timestamp;\n223:   }\n\n```\n",
          "loc": [
            "[221](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L221-L221)"
          ]
        },
        {
          "content": "```solidity\n229:   function rewardPerTokenAccumulated() public view returns (uint256) {\n230:     if (totalStaked == 0) return rewardPerTokenAccumulatedCheckpoint; // <= FOUND\n231: \n232:     return rewardPerTokenAccumulatedCheckpoint\n233:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked;\n234:   }\n\n```\n",
          "loc": [
            "[230](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L230-L230)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Consider activating via-ir for deploying",
      "description": "The Solidity compiler's Intermediate Representation (IR) based code generator, which can be activated using --via-ir on the command line or {\"viaIR\": true} in the options, serves a dual purpose. Firstly, it boosts the transparency and audibility of code generation, which enhances developers' comprehension and control over the contract's final bytecode. Secondly, it enables more sophisticated optimization passes that span multiple functions, thereby potentially leading to more efficient bytecode.\n\nIt's important to note that using the IR-based code generator may lengthen compile times due to the extra optimization steps. Therefore, it's advised to test your contract with and without this option enabled to measure the performance and gas cost implications. If the IR-based code generator significantly enhances your contract's performance or reduces gas costs, consider using the --via-ir flag during deployment. This way, you can leverage more advanced compiler optimizations without hindering your development workflow.",
      "gasSavings": 1750,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        },
        {
          "content": "```solidity\n16: all\n\n```\n",
          "loc": [
            "[16](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/interfaces/IUniswapV3FactoryOwnerActions.sol#L16-L16)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly hashing",
      "description": "From a gas standpoint, the assembly version of the keccak256 hashing function can be more efficient than the high-level Solidity version. This is because Solidity has additional overhead when handling function calls and memory management, which can increase the gas cost.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n102: \n104:   bytes32 public constant STAKE_TYPEHASH = keccak256( // <= FOUND\n105:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n106:   );\n\n```\n",
          "loc": [
            "[102](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L102-L104)"
          ]
        },
        {
          "content": "```solidity\n109:   \n110:   bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256( // <= FOUND\n111:     \"AlterDelegatee(uint256 depositId,address newDelegatee,address depositor,uint256 nonce)\"\n112:   );\n\n```\n",
          "loc": [
            "[109](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L109-L110)"
          ]
        },
        {
          "content": "```solidity\n113:   \n114:   bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256( // <= FOUND\n115:     \"AlterBeneficiary(uint256 depositId,address newBeneficiary,address depositor,uint256 nonce)\"\n116:   );\n\n```\n",
          "loc": [
            "[113](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L113-L114)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly to emit events",
      "description": "With the use of inline assembly in Solidity, we can take advantage of low-level features like scratch space and the free memory pointer, offering more gas-efficient ways of emitting events. The scratch space is a certain area of memory where we can temporarily store data, and the free memory pointer indicates the next available memory slot. Using these, we can efficiently assemble event data without incurring additional memory expansion costs. However, safety is paramount: to avoid overwriting or leakage, we must cache the free memory pointer before use and restore it afterward, ensuring that it points to the correct memory location post-operation.",
      "gasSavings": 608,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled); // <= FOUND\n\n```\n",
          "loc": [
            "[213](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L213-L213)"
          ]
        },
        {
          "content": "```solidity\n598: \n599:     emit RewardNotified(_amount, msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[599](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L599-L599)"
          ]
        },
        {
          "content": "```solidity\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate)); // <= FOUND\n\n```\n",
          "loc": [
            "[614](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L614-L614)"
          ]
        },
        {
          "content": "```solidity\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[661](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L661-L661)"
          ]
        },
        {
          "content": "```solidity\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[662](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L662-L662)"
          ]
        },
        {
          "content": "```solidity\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[663](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L663-L663)"
          ]
        },
        {
          "content": "```solidity\n682:     emit StakeDeposited(deposit.owner, _depositId, _amount, deposit.balance); // <= FOUND\n\n```\n",
          "loc": [
            "[682](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L682-L682)"
          ]
        },
        {
          "content": "```solidity\n695:     emit DelegateeAltered(_depositId, deposit.delegatee, _newDelegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[695](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L695-L695)"
          ]
        },
        {
          "content": "```solidity\n715:     emit BeneficiaryAltered(_depositId, deposit.beneficiary, _newBeneficiary); // <= FOUND\n\n```\n",
          "loc": [
            "[715](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L715-L715)"
          ]
        },
        {
          "content": "```solidity\n734:     emit StakeWithdrawn(_depositId, _amount, deposit.balance); // <= FOUND\n\n```\n",
          "loc": [
            "[734](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L734-L734)"
          ]
        },
        {
          "content": "```solidity\n747:     emit RewardClaimed(_beneficiary, _reward); // <= FOUND\n\n```\n",
          "loc": [
            "[747](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L747-L747)"
          ]
        },
        {
          "content": "```solidity\n773:     emit AdminSet(admin, _newAdmin); // <= FOUND\n\n```\n",
          "loc": [
            "[773](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L773-L773)"
          ]
        },
        {
          "content": "```solidity\n104: \n105:     emit AdminSet(address(0), _admin); // <= FOUND\n\n```\n",
          "loc": [
            "[105](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L105-L105)"
          ]
        },
        {
          "content": "```solidity\n105:     emit PayoutAmountSet(0, _payoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[105](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L105-L105)"
          ]
        },
        {
          "content": "```solidity\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[122](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L122-L122)"
          ]
        },
        {
          "content": "```solidity\n196:     emit FeesClaimed(address(_pool), msg.sender, _recipient, _amount0, _amount1); // <= FOUND\n\n```\n",
          "loc": [
            "[196](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L196-L196)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use solady library where possible to save gas",
      "description": "The following OpenZeppelin imports have a Solady equivalent, as such they can be used to save GAS as Solady modules have been specifically designed to be as GAS efficient as possible",
      "gasSavings": 2000,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n7: import {IERC20} from \"openzeppelin/token/ERC20/IERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[7](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L7-L7)"
          ]
        },
        {
          "content": "```solidity\n8: import {SafeERC20} from \"openzeppelin/token/ERC20/utils/SafeERC20.sol\"; // <= FOUND\n\n```\n",
          "loc": [
            "[8](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L8-L8)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Using private rather than public for constants and immutables, saves gas",
      "description": "Using private visibility for constants and immutables in Solidity instead of public can save gas. This is because private elements are not included in the contract's ABI, reducing the deployment and interaction costs. To achieve better efficiency, it is recommended to use private visibility when external access is not needed.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n102: bytes32 public constant STAKE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[102](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L102-L102)"
          ]
        },
        {
          "content": "```solidity\n106: bytes32 public constant STAKE_MORE_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[106](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L106-L106)"
          ]
        },
        {
          "content": "```solidity\n109: bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[109](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L109-L109)"
          ]
        },
        {
          "content": "```solidity\n113: bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[113](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L113-L113)"
          ]
        },
        {
          "content": "```solidity\n117: bytes32 public constant WITHDRAW_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[117](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L117-L117)"
          ]
        },
        {
          "content": "```solidity\n120: bytes32 public constant CLAIM_REWARD_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[120](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L120-L120)"
          ]
        },
        {
          "content": "```solidity\n130: uint256 public constant REWARD_DURATION = 30 days; // <= FOUND\n\n```\n",
          "loc": [
            "[130](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L130-L130)"
          ]
        },
        {
          "content": "```solidity\n134: uint256 public constant SCALE_FACTOR = 1e36; // <= FOUND\n\n```\n",
          "loc": [
            "[134](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L134-L134)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Function names can be optimized",
      "description": "Function names in Solidity contracts can be optimized to save gas during both deployment and execution. Method IDs are the first four bytes of the keccak256 hash of the function signature, and having two leading zero bytes can save 128 gas each during deployment. Additionally, renaming functions to have lower method IDs can save 22 gas per call, per sorted position shifted. This optimization leverages the way EVM handles data storage, making the execution more efficient. While these savings might seem minor, they can add up in contracts with numerous calls, contributing to more economical and efficient code.",
      "gasSavings": 384,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner  // <= FOUND\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate  // <= FOUND\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "State variable can be updated more than once in a function",
      "description": "Updating a state variable multiple times within a function can lead to inefficiencies and unintended behaviors. Every state change in Ethereum consumes gas, increasing the transaction cost. Moreover, frequent state changes can introduce vulnerabilities if interim values can be externally observed or acted upon. To address this, one should consolidate updates to occur only once, at the end of the function. This minimizes gas usage and ensures consistent state. ",
      "gasSavings": 800,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n570:   function notifyRewardAmount(uint256 _amount) external {\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender);\n572: \n575:     rewardPerTokenAccumulatedCheckpoint = rewardPerTokenAccumulated();\n576: \n577:     if (block.timestamp >= rewardEndTime) {\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n579:     } else {\n580:       uint256 _remainingReward = scaledRewardRate * (rewardEndTime - block.timestamp);\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n582:     }\n583: \n584:     rewardEndTime = block.timestamp + REWARD_DURATION;\n585:     lastCheckpointTime = block.timestamp;\n586: \n587:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate();\n588: \n594:     if (\n595:       (scaledRewardRate * REWARD_DURATION) > (REWARD_TOKEN.balanceOf(address(this)) * SCALE_FACTOR)\n596:     ) revert UniStaker__InsufficientRewardBalance();\n597: \n598:     emit RewardNotified(_amount, msg.sender);\n599:   }\n\n```\n",
          "loc": [
            "[570](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L581)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly to validate msg.sender",
      "description": "Utilizing assembly for validating `msg.sender` can potentially save gas as it allows for more direct and efficient access to Ethereum’s EVM opcodes, bypassing some of the overhead introduced by Solidity’s higher-level abstractions. However, this practice requires deep expertise in EVM, as incorrect implementation can introduce critical vulnerabilities. It is a trade-off between gas efficiency and code safety.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n344:     _revertIfNotDepositOwner(deposit, msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[344](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L344-L344)"
          ]
        },
        {
          "content": "```solidity\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[571](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L571-L571)"
          ]
        },
        {
          "content": "```solidity\n780:     if (msg.sender != admin) revert UniStaker__Unauthorized(\"not admin\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[780](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L780-L780)"
          ]
        },
        {
          "content": "```solidity\n203:     if (msg.sender != admin) revert V3FactoryOwner__Unauthorized(); // <= FOUND\n\n```\n",
          "loc": [
            "[203](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L203-L203)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Simple checks for zero uint can be done using assembly to save gas",
      "description": "Using assembly for simple zero checks on unsigned integers can save gas due to lower-level, optimized operations. \n\n**Resolution**: Implement inline assembly with Solidity's `assembly` block to perform zero checks. Ensure thorough testing and verification, as assembly lacks the safety checks of high-level Solidity, potentially introducing vulnerabilities if not used carefully.",
      "gasSavings": 30,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n230:     if (totalStaked == 0) return rewardPerTokenAccumulatedCheckpoint; // <= FOUND\n\n```\n",
          "loc": [
            "[230](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L230-L230)"
          ]
        },
        {
          "content": "```solidity\n587: \n588:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[587](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L587-L588)"
          ]
        },
        {
          "content": "```solidity\n745:     if (_reward == 0) return; // <= FOUND\n\n```\n",
          "loc": [
            "[745](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L745-L745)"
          ]
        },
        {
          "content": "```solidity\n96:     if (_payoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[96](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L96-L96)"
          ]
        },
        {
          "content": "```solidity\n121:     if (_newPayoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount(); // <= FOUND\n\n```\n",
          "loc": [
            "[121](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L121-L121)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use Unchecked for Divisions on Constant or Immutable Values",
      "description": "When performing divisions in Solidity, the operation costs gas and includes a check for division by zero. However, if you are dividing by a constant or an immutable value that is guaranteed to be non-zero, this check becomes unnecessary, consuming extra gas without adding safety.\n\n**Resolution**: Utilize the `unchecked` block for divisions involving constant or immutable values that are assuredly non-zero. This bypasses the additional safety checks, optimizing gas usage. Ensure thorough testing and code reviews are conducted to verify the non-zero condition of the denominator, preventing any potential division by zero errors and maintaining contract safety.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[578](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L578-L578)"
          ]
        },
        {
          "content": "```solidity\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[581](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L581-L581)"
          ]
        },
        {
          "content": "```solidity\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary])\n246:       ) / SCALE_FACTOR; // <= FOUND\n\n```\n",
          "loc": [
            "[246](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L246-L246)"
          ]
        },
        {
          "content": "```solidity\n587: \n588:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[588](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L588-L588)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Optimize Deployment Size by Fine-tuning IPFS Hash",
      "description": "Optimizing the deployment size of a smart contract is vital to minimize gas costs, and one way to achieve this is by fine-tuning the IPFS hash appended by the Solidity compiler as metadata. This metadata, consisting of 53 bytes, increases the gas required for contract deployment by approximately 10,600 gas due to bytecode costs, and additionally, up to 848 gas due to calldata costs, depending on the proportion of zero and non-zero bytes. Utilize the --no-cbor-metadata compiler flag to prevent the compiler from appending metadata. However, this approach has a drawback as it can complicate the contract verification process on block explorers like Etherscan, potentially reducing transparency.",
      "gasSavings": 31800,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces  // <= FOUND\n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner  // <= FOUND\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate  // <= FOUND\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Avoid Unnecessary Public Variables",
      "description": "Public state variables in Solidity automatically generate getter functions, increasing contract size and potentially leading to higher deployment and interaction costs. To optimize gas usage and contract efficiency, minimize the use of public variables unless external access is necessary. Instead, use internal or private visibility combined with explicit getter functions when required. This practice not only reduces contract size but also provides better control over data access and manipulation, enhancing security and readability. Prioritize lean, efficient contracts to ensure cost-effectiveness and better performance on the blockchain.",
      "gasSavings": 440000,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n102: bytes32 public constant STAKE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[102](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L102-L102)"
          ]
        },
        {
          "content": "```solidity\n106: bytes32 public constant STAKE_MORE_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[106](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L106-L106)"
          ]
        },
        {
          "content": "```solidity\n109: bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[109](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L109-L109)"
          ]
        },
        {
          "content": "```solidity\n113: bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256( // <= FOUND\n\n```\n",
          "loc": [
            "[113](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L113-L113)"
          ]
        },
        {
          "content": "```solidity\n117: bytes32 public constant WITHDRAW_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[117](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L117-L117)"
          ]
        },
        {
          "content": "```solidity\n120: bytes32 public constant CLAIM_REWARD_TYPEHASH = // <= FOUND\n\n```\n",
          "loc": [
            "[120](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L120-L120)"
          ]
        },
        {
          "content": "```solidity\n124: IERC20 public immutable REWARD_TOKEN; // <= FOUND\n\n```\n",
          "loc": [
            "[124](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L124-L124)"
          ]
        },
        {
          "content": "```solidity\n127: IERC20Delegates public immutable STAKE_TOKEN; // <= FOUND\n\n```\n",
          "loc": [
            "[127](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L127-L127)"
          ]
        },
        {
          "content": "```solidity\n130: uint256 public constant REWARD_DURATION = 30 days; // <= FOUND\n\n```\n",
          "loc": [
            "[130](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L130-L130)"
          ]
        },
        {
          "content": "```solidity\n134: uint256 public constant SCALE_FACTOR = 1e36; // <= FOUND\n\n```\n",
          "loc": [
            "[134](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L134-L134)"
          ]
        },
        {
          "content": "```solidity\n140: address public admin; // <= FOUND\n\n```\n",
          "loc": [
            "[140](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L140-L140)"
          ]
        },
        {
          "content": "```solidity\n143: uint256 public totalStaked; // <= FOUND\n\n```\n",
          "loc": [
            "[143](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L143-L143)"
          ]
        },
        {
          "content": "```solidity\n159: uint256 public rewardEndTime; // <= FOUND\n\n```\n",
          "loc": [
            "[159](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L159-L159)"
          ]
        },
        {
          "content": "```solidity\n162: uint256 public lastCheckpointTime; // <= FOUND\n\n```\n",
          "loc": [
            "[162](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L162-L162)"
          ]
        },
        {
          "content": "```solidity\n166: uint256 public scaledRewardRate; // <= FOUND\n\n```\n",
          "loc": [
            "[166](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L166-L166)"
          ]
        },
        {
          "content": "```solidity\n169: uint256 public rewardPerTokenAccumulatedCheckpoint; // <= FOUND\n\n```\n",
          "loc": [
            "[169](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L169-L169)"
          ]
        },
        {
          "content": "```solidity\n66: IUniswapV3FactoryOwnerActions public immutable FACTORY; // <= FOUND\n\n```\n",
          "loc": [
            "[66](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L66-L66)"
          ]
        },
        {
          "content": "```solidity\n69: IERC20 public immutable PAYOUT_TOKEN; // <= FOUND\n\n```\n",
          "loc": [
            "[69](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L69-L69)"
          ]
        },
        {
          "content": "```solidity\n72: uint256 public payoutAmount; // <= FOUND\n\n```\n",
          "loc": [
            "[72](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L72-L72)"
          ]
        },
        {
          "content": "```solidity\n76: INotifiableRewardReceiver public immutable REWARD_RECEIVER; // <= FOUND\n\n```\n",
          "loc": [
            "[76](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L76-L76)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Optimize Storage with Byte Truncation for Time Related State Variables",
      "description": "Storage optimization in Solidity contracts is vital for reducing gas costs, especially when storing time-related state variables. Using `uint32` for storing time values like timestamps is often sufficient, given it can represent dates up to the year 2106. By truncating larger default integer types to `uint32`, you significantly save on storage space and consequently on gas costs for deployment and state modifications. However, ensure that the truncation does not lead to overflow issues and that the variable's size is adequate for the application's expected lifespan and precision requirements. Adopting this optimization practice contributes to more efficient and cost-effective smart contract development.",
      "gasSavings": 6000,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n159: uint256 public rewardEndTime; // <= FOUND\n\n```\n",
          "loc": [
            "[159](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L159-L159)"
          ]
        },
        {
          "content": "```solidity\n162: uint256 public lastCheckpointTime; // <= FOUND\n\n```\n",
          "loc": [
            "[162](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L162-L162)"
          ]
        },
        {
          "content": "```solidity\n130: uint256 public constant REWARD_DURATION = 30 days; // <= FOUND\n\n```\n",
          "loc": [
            "[130](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L130-L130)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Stack variable cost less than state variables while used in emiting event",
      "description": "When emitting events in Solidity, using stack variables (local variables within a function) instead of state variables can lead to significant gas savings. Stack variables reside in memory only for the duration of the function execution and are less costly to access compared to state variables, which are stored on the blockchain. When an event is emitted, accessing these stack variables requires less gas than fetching data from state variables, which involves reading from the contract's storage - a more expensive operation. Thus, for efficiency, prefer using local variables within functions for event emission, especially in functions that are called frequently.",
      "gasSavings": 18,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n773:     emit AdminSet(admin, _newAdmin); // <= FOUND\n\n```\n",
          "loc": [
            "[773](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L773-L773)"
          ]
        },
        {
          "content": "```solidity\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[122](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L122-L122)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Internal functions only used once can be inlined so save gas",
      "description": "If a internal function is only used once it doesn't make sense to modularise it unless the function which does call the function would be overly long and complex otherwise",
      "gasSavings": 30,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n630:   function _useDepositId() internal returns (DepositIdentifier _depositId)  // <= FOUND\n\n```\n",
          "loc": [
            "[630](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L630-L630)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Constructors can be marked as payable to save deployment gas",
      "description": "",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n190:   constructor(IERC20 _rewardToken, IERC20Delegates _stakeToken, address _admin)\n191:     EIP712(\"UniStaker\", \"1\")\n192:   {\n193:     REWARD_TOKEN = _rewardToken;\n194:     STAKE_TOKEN = _stakeToken;\n195:     _setAdmin(_admin);\n196:   }\n\n```\n",
          "loc": [
            "[190](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L190-L190)"
          ]
        },
        {
          "content": "```solidity\n88:   constructor(\n89:     address _admin,\n90:     IUniswapV3FactoryOwnerActions _factory,\n91:     IERC20 _payoutToken,\n92:     uint256 _payoutAmount,\n93:     INotifiableRewardReceiver _rewardReceiver\n94:   ) {\n95:     if (_admin == address(0)) revert V3FactoryOwner__InvalidAddress();\n96:     if (_payoutAmount == 0) revert V3FactoryOwner__InvalidPayoutAmount();\n97: \n98:     admin = _admin;\n99:     FACTORY = _factory;\n100:     PAYOUT_TOKEN = _payoutToken;\n101:     payoutAmount = _payoutAmount;\n102:     REWARD_RECEIVER = _rewardReceiver;\n103: \n104:     emit AdminSet(address(0), _admin);\n105:     emit PayoutAmountSet(0, _payoutAmount);\n106:   }\n\n```\n",
          "loc": [
            "[88](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L88-L88)"
          ]
        },
        {
          "content": "```solidity\n25:   constructor(IERC20Delegates _token, address _delegatee) {\n26:     _token.delegate(_delegatee);\n27:     _token.approve(msg.sender, type(uint256).max);\n28:   }\n\n```\n",
          "loc": [
            "[25](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L25-L25)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Merge events to save gas",
      "description": "Consolidating multiple event emissions into a single event in Solidity can result in significant gas savings. Each event emission in Ethereum involves a gas cost, specifically for the topics logged with the event. By merging sequential events into a singular event, you can save on the Glogtopic cost, which is incurred for each topic of each event. This approach can save around 375 gas per additional topic. This strategy is particularly beneficial in functions where multiple related events are emitted in sequence. However, it's crucial to balance gas optimization with the clarity and utility of the event data for off-chain consumers.",
      "gasSavings": 375,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount;\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount);\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount); // <= FOUND\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary); // <= FOUND\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee); // <= FOUND\n664:   }\n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L663)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly scratch space to build calldata for external calls",
      "description": "Using Solidity's assembly scratch space for constructing calldata in external calls with one or two arguments can be a gas-efficient approach. This method leverages the designated memory area (the first 64 bytes of memory) for temporary data storage during assembly operations. By directly writing arguments into this scratch space, it eliminates the need for additional memory allocation typically required for calldata preparation. This technique can lead to notable gas savings, especially in high-frequency or gas-sensitive operations. However, it requires careful implementation to avoid data corruption and should be used with a thorough understanding of low-level EVM operations and memory handling. Proper testing and validation are crucial when employing such optimizations.",
      "gasSavings": 2200,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n571:     if (!isRewardNotifier[msg.sender]) revert UniStaker__Unauthorized(\"not notifier\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[571](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L571-L571)"
          ]
        },
        {
          "content": "```solidity\n681:     _stakeTokenSafeTransferFrom(deposit.owner, address(_surrogate), _amount); // <= FOUND\n\n```\n",
          "loc": [
            "[681](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L681-L681)"
          ]
        },
        {
          "content": "```solidity\n780:     if (msg.sender != admin) revert UniStaker__Unauthorized(\"not admin\", msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[780](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L780-L780)"
          ]
        },
        {
          "content": "```solidity\n788:     if (owner != deposit.owner) revert UniStaker__Unauthorized(\"not owner\", owner); // <= FOUND\n\n```\n",
          "loc": [
            "[788](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L788-L788)"
          ]
        },
        {
          "content": "```solidity\n133:     FACTORY.enableFeeAmount(_fee, _tickSpacing); // <= FOUND\n\n```\n",
          "loc": [
            "[133](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L133-L133)"
          ]
        },
        {
          "content": "```solidity\n148:     _pool.setFeeProtocol(_feeProtocol0, _feeProtocol1); // <= FOUND\n\n```\n",
          "loc": [
            "[148](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L148-L148)"
          ]
        },
        {
          "content": "```solidity\n27:     _token.approve(msg.sender, type(uint256).max); // <= FOUND\n\n```\n",
          "loc": [
            "[27](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L27-L27)"
          ]
        },
        {
          "content": "```solidity\n632:     nextDepositId = DepositIdentifier.wrap(DepositIdentifier.unwrap(_depositId) + 1); // <= FOUND\n\n```\n",
          "loc": [
            "[632](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L632-L632)"
          ]
        },
        {
          "content": "```solidity\n188:     REWARD_RECEIVER.notifyRewardAmount(payoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[188](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L188-L188)"
          ]
        },
        {
          "content": "```solidity\n26:     _token.delegate(_delegatee); // <= FOUND\n\n```\n",
          "loc": [
            "[26](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L26-L26)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use assembly scratch space to build calldata for event emits",
      "description": "Utilizing Solidity's assembly scratch space to build calldata for emitting events with just one or two arguments can optimize gas usage. The scratch space, a designated area in the first 64 bytes of memory, is ideal for temporary storage during assembly-level operations. By directly writing the event arguments into this area, developers can bypass the standard memory allocation process required for event emission. This approach results in gas savings, particularly for contracts where events are frequently emitted. However, such low-level optimization requires a deep understanding of Ethereum Virtual Machine (EVM) mechanics and careful coding to prevent data mishandling. Rigorous testing is essential to ensure the integrity and correct functionality of the contract.",
      "gasSavings": 1760,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n213:     emit RewardNotifierSet(_rewardNotifier, _isEnabled); // <= FOUND\n\n```\n",
          "loc": [
            "[213](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L213-L213)"
          ]
        },
        {
          "content": "```solidity\n598: \n599:     emit RewardNotified(_amount, msg.sender); // <= FOUND\n\n```\n",
          "loc": [
            "[598](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L598-L599)"
          ]
        },
        {
          "content": "```solidity\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate)); // <= FOUND\n\n```\n",
          "loc": [
            "[614](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L614-L614)"
          ]
        },
        {
          "content": "```solidity\n747:     emit RewardClaimed(_beneficiary, _reward); // <= FOUND\n\n```\n",
          "loc": [
            "[747](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L747-L747)"
          ]
        },
        {
          "content": "```solidity\n773:     emit AdminSet(admin, _newAdmin); // <= FOUND\n\n```\n",
          "loc": [
            "[773](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L773-L773)"
          ]
        },
        {
          "content": "```solidity\n104: \n105:     emit AdminSet(address(0), _admin); // <= FOUND\n\n```\n",
          "loc": [
            "[104](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L104-L105)"
          ]
        },
        {
          "content": "```solidity\n105:     emit PayoutAmountSet(0, _payoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[105](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L105-L105)"
          ]
        },
        {
          "content": "```solidity\n122:     emit PayoutAmountSet(payoutAmount, _newPayoutAmount); // <= FOUND\n\n```\n",
          "loc": [
            "[122](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L122-L122)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Consider using solady's \"FixedPointMathLib\"",
      "description": "Using Solady's \"FixedPointMathLib\" for multiplication or division operations in Solidity can lead to significant gas savings. This library is designed to optimize fixed-point arithmetic operations, which are common in financial calculations involving tokens or currencies. By implementing more efficient algorithms and assembly optimizations, \"FixedPointMathLib\" minimizes the computational resources required for these operations. For contracts that frequently perform such calculations, integrating this library can reduce transaction costs, thereby enhancing overall performance and cost-effectiveness. However, developers must ensure compatibility with their existing codebase and thoroughly test for accuracy and expected behavior to avoid any unintended consequences.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n232: \n233:     return rewardPerTokenAccumulatedCheckpoint\n234:       + (scaledRewardRate * (lastTimeRewardDistributed() - lastCheckpointTime)) / totalStaked; // <= FOUND\n\n```\n",
          "loc": [
            "[234](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L234-L234)"
          ]
        },
        {
          "content": "```solidity\n242:     return unclaimedRewardCheckpoint[_beneficiary]\n243:       + (\n244:         earningPower[_beneficiary]\n245:           * (rewardPerTokenAccumulated() - beneficiaryRewardPerTokenCheckpoint[_beneficiary])\n246:       ) / SCALE_FACTOR; // <= FOUND\n\n```\n",
          "loc": [
            "[246](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L246-L246)"
          ]
        },
        {
          "content": "```solidity\n578:       scaledRewardRate = (_amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[578](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L578-L578)"
          ]
        },
        {
          "content": "```solidity\n581:       scaledRewardRate = (_remainingReward + _amount * SCALE_FACTOR) / REWARD_DURATION; // <= FOUND\n\n```\n",
          "loc": [
            "[581](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L581-L581)"
          ]
        },
        {
          "content": "```solidity\n587: \n588:     if ((scaledRewardRate / SCALE_FACTOR) == 0) revert UniStaker__InvalidRewardRate(); // <= FOUND\n\n```\n",
          "loc": [
            "[588](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L588-L588)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Same cast is done multiple times",
      "description": "Repeatedly casting the same variable to the same type within a function is redundant and can be optimized for better gas efficiency and code readability. Each unnecessary cast operation, while minor, adds to the gas cost and clutters the code. To optimize, the best practice is to perform the cast once and store the result in a temporary variable, which can then be used wherever needed in the function.",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n605:   function _fetchOrDeploySurrogate(address _delegatee)\n606:     internal\n607:     returns (DelegationSurrogate _surrogate)\n608:   {\n609:     _surrogate = surrogates[_delegatee];\n610: \n611:     if (address(_surrogate) == address(0)) { // <= FOUND 'address(_surrogate)'\n612:       _surrogate = new DelegationSurrogate(STAKE_TOKEN, _delegatee);\n613:       surrogates[_delegatee] = _surrogate;\n614:       emit SurrogateDeployed(_delegatee, address(_surrogate)); // <= FOUND 'address(_surrogate)'\n615:     }\n616:   }\n\n```\n",
          "loc": [
            "[605](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L605-L614)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Assigning to structs can be more efficient",
      "description": "Rather defining the struct in a single line, it is more efficient to declare an empty struct and then assign each struct element individually. This can net quite a large gas saving of 130 per instance.",
      "gasSavings": 130,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n638:   function _stake(address _depositor, uint256 _amount, address _delegatee, address _beneficiary)\n639:     internal\n640:     returns (DepositIdentifier _depositId)\n641:   {\n642:     _revertIfAddressZero(_delegatee);\n643:     _revertIfAddressZero(_beneficiary);\n644: \n645:     _checkpointGlobalReward();\n646:     _checkpointReward(_beneficiary);\n647: \n648:     DelegationSurrogate _surrogate = _fetchOrDeploySurrogate(_delegatee);\n649:     _depositId = _useDepositId();\n650: \n651:     totalStaked += _amount;\n652:     depositorTotalStaked[_depositor] += _amount;\n653:     earningPower[_beneficiary] += _amount;\n654:     deposits[_depositId] = Deposit({ // <= FOUND\n655:       balance: _amount,\n656:       owner: _depositor,\n657:       delegatee: _delegatee,\n658:       beneficiary: _beneficiary\n659:     });\n660:     _stakeTokenSafeTransferFrom(_depositor, address(_surrogate), _amount);\n661:     emit StakeDeposited(_depositor, _depositId, _amount, _amount);\n662:     emit BeneficiaryAltered(_depositId, address(0), _beneficiary);\n663:     emit DelegateeAltered(_depositId, address(0), _delegatee);\n664:   }\n\n```\n",
          "loc": [
            "[638](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L638-L654)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Use uint256(1)/uint256(2) instead of true/false to save gas for changes",
      "description": "Using uint256 with values 1 and 0 instead of bool can save gas in Solidity contracts when changing state variables, as it avoids higher costs associated with switching from false to true. This technique reduces gas for \"cold\" storage writes to non-zero values. Implementing uint256 for binary states and employing getters to return boolean representations can optimize gas usage, particularly for contracts with frequent state toggling.",
      "gasSavings": 34200,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n65: \n67:   event RewardNotifierSet(address indexed account, bool isEnabled); // <= FOUND\n\n```\n",
          "loc": [
            "[67](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L67-L67)"
          ]
        },
        {
          "content": "```solidity\n210: \n215:   function setRewardNotifier(address _rewardNotifier, bool _isEnabled) external { // <= FOUND\n\n```\n",
          "loc": [
            "[215](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L215-L215)"
          ]
        },
        {
          "content": "```solidity\n807:     bool _isValid = SignatureChecker.isValidSignatureNow(_signer, _hash, _signature); // <= FOUND\n\n```\n",
          "loc": [
            "[807](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L807-L807)"
          ]
        },
        {
          "content": "```solidity\n185: \n187:   mapping(address rewardNotifier => bool) public isRewardNotifier; // <= FOUND\n\n```\n",
          "loc": [
            "[187](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L187-L187)"
          ]
        }
      ]
    },
    {
      "severity": "Gas",
      "title": "Enable IR-based code generation",
      "description": "Enabling Intermediate Representation (IR)-based code generation in Solidity, via the --via-ir compiler flag or setting {\"viaIR\": true} in the configuration, activates an advanced optimization phase. This approach allows the compiler to perform more sophisticated optimizations across multiple functions, potentially leading to significant gas savings. IR-based compilation can optimize contract bytecode more efficiently, making smart contracts cheaper to deploy and execute by reducing the gas required for transactions",
      "gasSavings": null,
      "category": null,
      "instances": [
        {
          "content": "```solidity\n31: contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces { // <= FOUND\n32:   type DepositIdentifier is uint256;\n33: \n89:   bytes32 public constant STAKE_TYPEHASH = keccak256(\n90:     \"Stake(uint256 amount,address delegatee,address beneficiary,address depositor,uint256 nonce)\"\n91:   );\n92:   \n93:   bytes32 public constant STAKE_MORE_TYPEHASH =\n94:     keccak256(\"StakeMore(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n95:   \n96:   bytes32 public constant ALTER_DELEGATEE_TYPEHASH = keccak256(\n97:     \"AlterDelegatee(uint256 depositId,address newDelegatee,address depositor,uint256 nonce)\"\n98:   );\n99:   \n100:   bytes32 public constant ALTER_BENEFICIARY_TYPEHASH = keccak256(\n101:     \"AlterBeneficiary(uint256 depositId,address newBeneficiary,address depositor,uint256 nonce)\"\n102:   );\n103:   \n104:   bytes32 public constant WITHDRAW_TYPEHASH =\n105:     keccak256(\"Withdraw(uint256 depositId,uint256 amount,address depositor,uint256 nonce)\");\n106:   \n107:   bytes32 public constant CLAIM_REWARD_TYPEHASH =\n108:     keccak256(\"ClaimReward(address beneficiary,uint256 nonce)\");\n109: \n111:   IERC20 public immutable REWARD_TOKEN;\n112: \n114:   IERC20Delegates public immutable STAKE_TOKEN;\n115: \n117:   uint256 public constant REWARD_DURATION = 30 days;\n118: \n121:   uint256 public constant SCALE_FACTOR = 1e36;\n122: \n124:   DepositIdentifier private nextDepositId;\n125: \n127:   address public admin;\n128: \n130:   uint256 public totalStaked;\n131: \n133:   mapping(address depositor => uint256 amount) public depositorTotalStaked;\n134: \n136:   mapping(address beneficiary => uint256 amount) public earningPower;\n137: \n139:   mapping(DepositIdentifier depositId => Deposit deposit) public deposits;\n140: \n143:   mapping(address delegatee => DelegationSurrogate surrogate) public surrogates;\n144: \n146:   uint256 public rewardEndTime;\n147: \n149:   uint256 public lastCheckpointTime;\n150: \n\n```\n",
          "loc": [
            "[31](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L31-L31)"
          ]
        },
        {
          "content": "```solidity\n30: contract V3FactoryOwner { // <= FOUND\n31:   using SafeERC20 for IERC20;\n32: \n60:   IUniswapV3FactoryOwnerActions public immutable FACTORY;\n61: \n63:   IERC20 public immutable PAYOUT_TOKEN;\n64: \n66:   uint256 public payoutAmount;\n67: \n70:   INotifiableRewardReceiver public immutable REWARD_RECEIVER;\n71: \n74:   address public admin;\n75: \n142: }\n\n```\n",
          "loc": [
            "[30](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L30-L30)"
          ]
        },
        {
          "content": "```solidity\n20: contract DelegationSurrogate { // <= FOUND\n21:   \n26: }\n\n```\n",
          "loc": [
            "[20](https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/DelegationSurrogate.sol#L20-L20)"
          ]
        }
      ]
    }
  ],
  "createdAt": "2024-02-23T20:56:50.565Z",
  "updatedAt": "2024-02-23T20:56:51.278Z"
}