Open code423n4 opened 3 years ago
I'm not so sure that the recommended fixes to card[_winningOutcome] would have any benefit, we can't store a Card type in memory as it contains a mapping. Card storage _cardWinningOutcome = card[winningOutcome]; will only create a pointer to storage so you are still doing storage reads each time you use it. This is my assumption and I'll certainly get around to confirming when I have a chance.
I can make the changes to msgSender() and _winningsToTransfer though.
Handle
PierrickGT
Vulnerability details
Impact
We can avoid 3 sload by storing card[winningOutcome] in a private variable. We can also avoid 4 sload by storing msgSender() in a private variable. We can also simplify the _winningsToTransfer calculation.
Proof of Concept
card[winningOutcome]:
msgSender():
_winningsToTransfer:
Tools Used
Manual analysis
Recommended Mitigation Steps
card[winningOutcome]:
L574:
_cardWinningOutcome.rentCollectedPerCard) *
msgSender():
L578:
(rentCollectedPerUserPerCard[_msgSender][winningOutcome] *
L591 to L592:
card[winningOutcome] and msgSender():
L564:
if (_cardWinningOutcome.longestOwner == _msgSender && winnerCut > 0) {
L585:
uint256 _winnersTimeHeld = _cardWinningOutcome.timeHeld[_msgSender];
card[winningOutcome] and _winningsToTransfer:
L587 to L589:
_winningsToTransfer += (_numerator / _cardWinningOutcome.totalTimeHeld);
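An added Solidity sketch of the caching pattern discussed in this issue, written for illustration and not taken from the audited contract or from either participant. The contract name, the body of msgSender(), the seeded values and the simplified share formula are assumptions; only the field and variable names follow the snippets quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustration only: a minimal stand-in for the market contract (assumed layout).
contract CachingSketch {
    struct Card {
        uint256 rentCollectedPerCard;
        uint256 totalTimeHeld;
        mapping(address => uint256) timeHeld; // mapping member: the struct cannot be copied to memory
    }

    mapping(uint256 => Card) internal card;
    uint256 public winningOutcome;

    // Constructed sample state so both functions can be called after deployment.
    constructor() {
        winningOutcome = 1;
        Card storage c = card[1];
        c.rentCollectedPerCard = 1000;
        c.totalTimeHeld = 100;
        c.timeHeld[msg.sender] = 25;
    }

    // Stand-in for the project's sender helper (assumed body).
    function msgSender() internal view returns (address) {
        return msg.sender;
    }

    // Before: each card[winningOutcome] reads the winningOutcome state variable
    // and hashes the mapping key again at the source level.
    function shareUncached() external view returns (uint256) {
        if (card[winningOutcome].totalTimeHeld == 0) return 0;
        return (card[winningOutcome].rentCollectedPerCard *
            card[winningOutcome].timeHeld[msgSender()]) /
            card[winningOutcome].totalTimeHeld;
    }

    // After: winningOutcome is read once and the sender is resolved once.
    function shareCached() external view returns (uint256) {
        address _msgSender = msgSender();
        Card storage _cardWinningOutcome = card[winningOutcome];
        // The reference is a slot pointer, so each field access is still a storage read;
        // a field used twice is copied to a stack variable instead.
        uint256 _totalTimeHeld = _cardWinningOutcome.totalTimeHeld;
        if (_totalTimeHeld == 0) return 0;
        return (_cardWinningOutcome.rentCollectedPerCard *
            _cardWinningOutcome.timeHeld[_msgSender]) / _totalTimeHeld;
    }
}
```

With the constructed state, both functions return 250 for the deploying account, so a gas report for the two calls isolates the cost of the repeated lookups.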