search

code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

Choose either explicit return or named return, not both #154

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

Choosing either named return or explicit instead of specifying both may reduce gas due to unnecessary bytecode introduced. proposeBasketLicense() uses a named return variable which is never assigned and instead uses an explicit return statement.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Factory.sol#L71

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Factory.sol#L90

Tools Used

Manual Analysis

Recommended Mitigation Steps

Choose either explicit return or named return, not both

GalloDaSballo commented 2 years ago

Agree with the finding, not sure about the exact cost, I'm assuming you end up paying the additional cost of allocating 0 (default value) to an unused variable, as well as the extra bytecode deployed for said declaration