Closed code423n4 closed 2 years ago
leastwood
DutchAuction.clearingPrice() and HyperbolicAuction.clearingPrice() can both be improved such that the initial results for tokenPrice() and priceFunction() are cached in memory and used to return the correct output.
DutchAuction.clearingPrice()
HyperbolicAuction.clearingPrice()
tokenPrice()
priceFunction()
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L227-L234 https://github.com/sushiswap/miso/blob/master/contracts/Auctions/HyperbolicAuction.sol#L218-L224
Manual code review
Consider caching the results to limit the number SSTORE accesses.
SSTORE
Duplicate of #105
Clearwood
commented
2 years ago
Handle
leastwood
Vulnerability details
Impact
DutchAuction.clearingPrice()andHyperbolicAuction.clearingPrice()can both be improved such that the initial results fortokenPrice()andpriceFunction()are cached in memory and used to return the correct output.Proof of Concept
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L227-L234 https://github.com/sushiswap/miso/blob/master/contracts/Auctions/HyperbolicAuction.sol#L218-L224
Tools Used
Manual code review
Recommended Mitigation Steps
Consider caching the results to limit the number
SSTOREaccesses.