search

code-423n4 / 2021-09-yaxis-findings

0 stars 0 forks source link

Removing unused parameter and modifier can save gas #58

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact


withdrawalProtectionFe() appears to be the same for all tokens and therefore the parameter _token and the onlyToken() modifier are unused. Removing it and the modifier can save gas.

Proof of Concept

https://github.com/code-423n4/2021-09-yaxis/blob/cf7d9448e70b5c1163a1773adb4709d9d6ad6c99/contracts/v3/controllers/LegacyController.sol#L130-L140

Tools Used

Manual Analysis

Recommended Mitigation Steps

Remove parameter and modifier to save gas.

uN2RVw5q commented 3 years ago

https://github.com/code-423n4/2021-09-yaxis/pull/28#issuecomment-931650139 mentions that removing the parameter _token would break the interface.

The check onlyToken(_token) may still be removed, though. But I'll leave the decision to the other devs.

Haz077 commented 3 years ago

I would say if that would break the interface then this issue should be skipped even if it's still valid in my opinion, we can leave the acknowledged label.

GalloDaSballo commented 3 years ago

Sponsor acknowledged, agree with finding