search

code-423n4 / 2021-06-gro-findings

0 stars 1 forks source link

Return False early in isValidBigFish #82

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

GalloDaSballo

Vulnerability details

Impact

Detailed description of the impact of this finding.

https://github.com/code-423n4/2021-06-gro/blob/091660467fc8d13741f8aafcec80f1e8cf129a33/contracts/Controller.sol#L252

The variables amount and bigFishAbsoluteThreshold are know before having to fetch (uint256 gvtAssets, uint256 pwrdAssets) = IPnL(pnl).calcPnL(); uint256 assets = pwrdAssets.add(gvtAssets);

You could have a earlier check to save gas for small fishes

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

You can reorder the return false statement, saving gas for small fishes

function isValidBigFish(
    bool pwrd,
    bool deposit,
    uint256 amount
) external view override returns (bool) {
    if (deposit && pwrd) {
        require(validGTokenIncrease(amount), "isBigFish: !validGTokenIncrease");
    } else if (!pwrd && !deposit) {
        require(validGTokenDecrease(amount), "isBigFish: !validGTokenDecrease");
    }
    if (amount < bigFishAbsoluteThreshold) {
        return false;
    }

    (uint256 gvtAssets, uint256 pwrdAssets) = IPnL(pnl).calcPnL();
    uint256 assets = pwrdAssets.add(gvtAssets);

    if (amount > assets) {
        return true;
    } else {
        return amount > assets.mul(bigFishThreshold).div(PERCENTAGE_DECIMAL_FACTOR);
    }
}