search

Elastic-Finance-DAO / eefi_contracts

0 stars 0 forks source link

[DET-03C] Inexistent Prevention of Zero Native Fund Distribution #100

Open stalker474 opened 2 months ago

stalker474 commented 2 months ago

DET-03C: Inexistent Prevention of Zero Native Fund Distribution

Type Severity Location
Gas Optimization Distribute.sol:L165, L169

Description:

The Distribute::distribute function will return early in case an EIP-20 distribution occurs that is 0, however, the same does not apply to native fund distributions.

Impact:

The Distribute::distribute function will inefficiently perform multiple statements when a zero-value native fund distribution occurs.

Example:

if(address(reward_token) != address(0)) {
    if(amount == 0) return;
    reward_token.safeTransferFrom(from, address(this), amount);
    require(msg.value == 0, "Distribute: Illegal distribution");
} else {
    amount = msg.value;
}

Recommendation:

We advise the if (amount == 0) return; statement to be relocated after the initial if-else block, ensuring that all potential distributions of 0 return early.

stalker474 commented 2 months ago

I decided to add a check in the else statement instead to prevent a useless transfer of 0 amount, that could potentially fail in some erc20 implementations anyway