code-423n4 / 2021-09-sushimiso-findings


Inaccurate Function Name `enableList()` #149

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

leastwood

Vulnerability details

Impact

The auction contracts implement the `enableList()` function to toggle the use of a point list. The function naming doesn't correctly reflect the action of this function.

Proof of Concept

https://github.com/sushiswap/miso/blob/master/contracts/Auctions/BatchAuction.sol#L417-L420
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L551-L554
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/Crowdsale.sol#L520-L523
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/HyperbolicAuction.sol#L521-L524

Tools Used

Manual code review

Recommended Mitigation Steps

Update the `enableList()` function in all auction contracts to `toggleList()` or similar.

Clearwood commented 3 years ago

This is not a gas optimization

ghoul-sol commented 3 years ago

making this a best practice recommendation, non-critical