code-423n4 / 2021-08-yield-findings


Two functions with same code can be replaced by a single one #46

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

As noted in the code comment, the peek and get functions are the same for this oracle. So we can change peek to public visibility and have get call peek instead of copying the same code here. Minor deployment cost savings, but an increase in readability/maintainability.

Proof of Concept

https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/oracles/composite/CompositeMultiOracle.sol#L91

https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/oracles/composite/CompositeMultiOracle.sol#L74-L128

Tools Used

Manual Analysis

Recommended Mitigation Steps

Replace two functions having the same code with a single function.

alcueca commented 3 years ago

Instead I'll do an internal _peek function called by both peek and get, but thanks.

alcueca commented 3 years ago

Actually, it was the natspec that was wrong. CompositeMultiOracle actually has different code for get and peek.

Fix