code-423n4 / 2021-09-defiprotocol-findings


Transfer tokens directly to the basket #92

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

itsmeSTYJ

Vulnerability details

Impact

Gas optimisation

Proof of concept

You can save some gas when it comes to creating a new basket by transferring the tokens directly to the newly created Basket contract instead of transferring to the factory, approving the basket and then calling transferFrom to move the tokens to the basket.

Recommended Mitigation Steps

You need to have a separate mintTo function that can only be called by the Factory and doesn't contain the pullUnderlying(amount, msg.sender) function.
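The flow this finding proposes, as an added Solidity sketch that is not the project's code or part of the original submission: `mintToFromFactory`, the constructor-based deployment, the storage layout and the 1e18 share base are assumptions made for illustration, and plain `transferFrom` with a boolean return stands in for whatever transfer helper the project uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch; only mintTo and pullUnderlying are names taken from the finding.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract Basket {
    address public immutable factory;
    address[] public tokens;
    uint256[] public weights; // token units backing 1e18 shares
    mapping(address => uint256) public balanceOf;
    constructor(address[] memory _tokens, uint256[] memory _weights) {
        factory = msg.sender;
        tokens = _tokens;
        weights = _weights;
    }

    // Regular path: pull the underlying from the caller, then mint.
    function mintTo(uint256 amount, address to) external {
        pullUnderlying(amount, msg.sender);
        balanceOf[to] += amount;
    }

    // Hypothetical factory-only path: no pull, the tokens were sent here already.
    function mintToFromFactory(uint256 amount, address to) external {
        require(msg.sender == factory, "only factory");
        balanceOf[to] += amount;
    }

    function pullUnderlying(uint256 amount, address from) private {
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 owed = (amount * weights[i]) / 1e18;
            require(IERC20(tokens[i]).transferFrom(from, address(this), owed), "pull failed");
        }
    }
}

contract Factory {
    function createBasket(address[] calldata tokens, uint256[] calldata weights) external returns (Basket b) {
        b = new Basket(tokens, weights);
        for (uint256 i = 0; i < tokens.length; i++) {
            // One transfer, creator -> basket, replacing transfer to the factory + approve + transferFrom.
            require(IERC20(tokens[i]).transferFrom(msg.sender, address(b), weights[i]), "transfer failed");
        }
        b.mintToFromFactory(1e18, msg.sender);
    }
}
```

The `msg.sender == factory` check is what ties the pull-free mint to a deposit the factory has just made; the saving is one token transfer and one approval per underlying token at basket creation.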

frank-beard commented 3 years ago

While this could work, we prefer to not add special functions for situations like that.

GalloDaSballo commented 2 years ago

Agree with the finding, and in contrast to another warden's submission, there's a clear example of the logic and what it should do.

No problem for it being a nofix, but the finding is valid.