Closed code423n4 closed 3 years ago
0xRajeev
In _setYieldSource() a call to _newYieldSource.depositToken() is made twice. Caching the return value in a local variable can prevent an extra CALL saving 2600 gas.
https://github.com/pooltogether/swappable-yield-source/blob/89cf66a3e3f8df24a082e1cd0a0e80d08953049c/contracts/SwappableYieldSource.sol#L256
https://github.com/pooltogether/swappable-yield-source/blob/89cf66a3e3f8df24a082e1cd0a0e80d08953049c/contracts/SwappableYieldSource.sol#L259
Manual Analysis
Cache return value of _newYieldSource.depositToken() in a local variable and use that on L259.
Duplicate of https://github.com/code-423n4/2021-07-pooltogether-findings/issues/26
PierrickGT
commented
3 years ago
Handle
0xRajeev
Vulnerability details
Impact
In _setYieldSource() a call to _newYieldSource.depositToken() is made twice. Caching the return value in a local variable can prevent an extra CALL saving 2600 gas.
Proof of Concept
https://github.com/pooltogether/swappable-yield-source/blob/89cf66a3e3f8df24a082e1cd0a0e80d08953049c/contracts/SwappableYieldSource.sol#L256
https://github.com/pooltogether/swappable-yield-source/blob/89cf66a3e3f8df24a082e1cd0a0e80d08953049c/contracts/SwappableYieldSource.sol#L259
Tools Used
Manual Analysis
Recommended Mitigation Steps
Cache return value of _newYieldSource.depositToken() in a local variable and use that on L259.