code-423n4 / 2021-09-defiprotocol-findings


Unnecessary transfer trips #245

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

goatbug

Vulnerability details

Impact

In createBasket (Factory), tokens are first transferred from the creator to the factory, before being approved and then transferred to the Basket.

The function is atomic and the tokens could simply be written to be transferred straight to Basket to save a lot of gas, especially on large numbers of tokens in a basket.

    for (uint256 i = 0; i < bProposal.weights.length; i++) {
        IERC20 token = IERC20(bProposal.tokens[i]);
        token.safeTransferFrom(msg.sender, address(this), bProposal.weights[i]);
        token.safeApprove(address(newBasket), bProposal.weights[i]);
    }

    newBasket.mintTo(BASE, msg.sender);

Proof of Concept


Tools Used

Recommended Mitigation Steps

GalloDaSballo commented 2 years ago

The finding is valid; the implementation will require a fair tech lift.
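
The single-hop flow discussed in this issue, as an added example that is not code from the thread or from the protocol. `DirectFactory`, `DirectBasket` and `mintInitial` are hypothetical names, the basket is deployed with `new` for brevity, and the OpenZeppelin 4.x contracts are assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

uint256 constant BASE = 1e18;

// Hypothetical basket that credits tokens already pushed to it instead of pulling them.
contract DirectBasket {
    address public immutable factory;
    address[] public tokens;
    uint256[] public weights;
    bool public seeded;
    mapping(address => uint256) public balanceOf;

    constructor(address[] memory _tokens, uint256[] memory _weights) {
        factory = msg.sender;
        tokens = _tokens;
        weights = _weights;
    }

    // No pull happens here, so the caller must be the factory and the deposits must be
    // verified on-chain; otherwise anyone could mint against balances they did not fund.
    function mintInitial(address to, uint256 amount) external {
        require(msg.sender == factory, "only factory");
        require(!seeded, "already seeded");
        seeded = true;
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 needed = (weights[i] * amount) / BASE;
            require(IERC20(tokens[i]).balanceOf(address(this)) >= needed, "deposit missing");
        }
        balanceOf[to] = amount;
    }
}

contract DirectFactory {
    using SafeERC20 for IERC20;

    function createBasket(address[] calldata tokens, uint256[] calldata weights) external returns (DirectBasket basket) {
        require(tokens.length == weights.length, "length mismatch");
        basket = new DirectBasket(tokens, weights);
        for (uint256 i = 0; i < tokens.length; i++) {
            // One hop: creator -> basket, spending the creator's allowance to this factory.
            IERC20(tokens[i]).safeTransferFrom(msg.sender, address(basket), weights[i]);
        }
        basket.mintInitial(msg.sender, BASE);
    }
}
```

The balance check in `mintInitial` also makes the call revert for a fee-on-transfer token that delivers less than `weights[i]`.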