code-423n4 / 2021-04-vader-findings

Gas savings by replacing public visibility with external for cancelProposal() function of DAO.sol #176

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The cancelProposal() function is never called from within the contract and so does not require public visibility. As described in https://mudit.blog/solidity-gas-optimization-tips/: “For all the public functions, the input parameters are copied to memory automatically, and it costs gas. If your function is only called externally, then you should explicitly mark it as external. External function’s parameters are not copied into memory but are read from calldata directly. This small optimization in your solidity code can save you a lot of gas when the function input parameters are huge.”

Given the two parameters of the cancelProposal() function, this will save some amount of gas.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L102

Tools Used

Manual Analysis

Recommended Mitigation Steps

Change visibility of cancelProposal() to external

0xBrian commented 3 years ago

Probably addressed in mega external patch, https://github.com/vetherasset/vaderprotocol-contracts/commit/d946b6262ac83cdb7722baa3a8684c4ceabf4ea3

dmvt commented 3 years ago

duplicate of #14