Beedle - Oracle free perpetual lending

Summary

Vulnerability Details

Staking.sol line 41 -> balances[msg.sender] += _amount;
Staking.sol line 48 -> balances[msg.sender] -= _amount;
Staking.sol line 89 -> balances[msg.sender] -= _amount;
Lender.sol line 263 -> pools[poolId].outstandingLoans += debt;
Lender.sol line 388 -> pools[poolId].outstandingLoans += totalDebt;
Lender.sol line 490 -> pools[poolId].outstandingLoans += totalDebt;
Lender.sol line 637 -> pools[poolId].outstandingLoans += debt;
Lender.sol line 314 -> pools[poolId].outstandingLoans -= loan.debt;
Lender.sol line 400 -> pools[oldPoolId].outstandingLoans -= loan.debt;
Lender.sol line 502 -> pools[oldPoolId].outstandingLoans -= loan.debt;
Lender.sol line 575 -> pools[poolId].outstandingLoans -= loan.debt;
Lender.sol line 633 -> pools[oldPoolId].outstandingLoans -= loan.debt;
Lender.sol line 698 -> pools[poolId].poolBalance -= debt;
Lender.sol line 726 -> interest -= fees;

In computation the form x= x + y is cheaper than x += y ; and x= x - y is cheaper than x -= y; Not really sure why but have seen this in many audit reports. I guess its related to below :
x +=y can be seen as x += 1(most expensive) about y times and we know that x+=1 is most expensive form versus x++(6 gas less than x+=1) and ++x (5 gas less than x++)

Impact

Gas: If we look at all the instances the gas saved adds up.However there is careful consideration as x+=y format is more readable so its important protocol plugs the numbers to see gas savings and see if worth the readability. My take is readability is not that harmed there are code parts longer than x = x + y form in functions, plus I believe its best to put gas more important to save deployment and user costs.

Tools Used

Manual Analysis

Recommendations

It is recommended to use the form x = x + y; or x = x-y; See examples below
pools[poolId].poolBalance = pools[poolId].poolBalance -debt;
balances[msg.sender] = balances[msg.sender] + _amount;