code-423n4 / 2021-07-pooltogether-findings

Unnecessary external call instead of using immutable contract variable #36

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

In approveMax(), instead of making an external call to the savings.underlying() getter (costs 2600 gas), we can use the immutable mAsset from the contract, which was initialized with this value in the constructor. This will avoid the external call and save 2600 gas.

Proof of Concept

https://github.com/pooltogether/pooltogether-mstable/blob/0bcbd363936fadf5830e9c48392415695896ddb5/contracts/yield-source/MStableYieldSource.sol#L48

https://github.com/pooltogether/pooltogether-mstable/blob/0bcbd363936fadf5830e9c48392415695896ddb5/contracts/yield-source/MStableYieldSource.sol#L55

https://github.com/pooltogether/pooltogether-mstable/blob/0bcbd363936fadf5830e9c48392415695896ddb5/contracts/yield-source/MStableYieldSource.sol#L62

Tools Used

Manual Analysis

Recommended Mitigation Steps

Replace use of savings.underlying() with mAsset.
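
A simplified before/after sketch of the recommendation above, added here as an illustration and not taken from the PoolTogether repository. The interface, contract and function names (`IERC20Like`, `ISavingsLike`, `YieldSourceSketch`, `approveMaxViaGetter`, `approveMaxViaImmutable`) are assumptions; `savings`, `mAsset` and `underlying()` follow the issue text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interfaces assumed for this sketch (not the project's own definitions).
interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface ISavingsLike {
    function underlying() external view returns (address);
}

contract YieldSourceSketch {
    ISavingsLike public immutable savings;
    IERC20Like public immutable mAsset;

    constructor(ISavingsLike _savings) {
        savings = _savings;
        // The only external read of underlying(): the result is stored as an
        // immutable, i.e. written into the deployed bytecode.
        mAsset = IERC20Like(_savings.underlying());
    }

    // Before: repeats the external getter call on every invocation.
    function approveMaxViaGetter() external {
        IERC20Like token = IERC20Like(savings.underlying());
        require(token.approve(address(savings), type(uint256).max), "approve failed");
    }

    // After: reads the immutable, so no call is made to the savings contract
    // just to learn the token address.
    function approveMaxViaImmutable() external {
        require(mAsset.approve(address(savings), type(uint256).max), "approve failed");
    }
}
```

The two functions behave the same only while `underlying()` keeps returning the value read in the constructor, so that assumption is worth confirming against the savings contract before making the substitution.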

PierrickGT commented 3 years ago

Duplicate of https://github.com/code-423n4/2021-07-pooltogether-findings/issues/19