Open code423n4 opened 2 years ago
Fixing this would make the fee path more expensive, since we will have to use a push
I'm guessing that adding an if for t.fee
being > 0 would allow to skip the extra code / added path in that case
In the case in which there is a fee, it would add the extra cost of the if
I think the finding is valid, however its fine to not change
@GalloDaSballo most cases would have a fee so we'd spend more gas on reallocating the array
@Ivshti Not sure what you mean with reallocating
Wouldn't
if(t.fee > 0){
Identity.Transaction[] memory txns = new Identity.Transaction[](2);
txns[0].to = t.token;
txns[0].data = abi.encodeWithSelector(IERC20.transfer.selector, t.to, t.amount);
txns[1].to = t.token;
txns[1].data = abi.encodeWithSelector(IERC20.transfer.selector, msg.sender, t.fee);
identity.executeBySender(txns);
} else {
Identity.Transaction[] memory txns = new Identity.Transaction[](1);
txns[0].to = t.token;
txns[0].data = abi.encodeWithSelector(IERC20.transfer.selector, t.to, t.amount);
identity.executeBySender(txns);
}
allow you to save gas when there's no fee?
That said, the savings here are just the 3 gas per MSTORE
The real cost is in avoiding a CALL
when you are transferring 0 tokens
hmm good point, I was thinking of it wrong (dynamic sized array and .push
)
Still, we don't see a realistic scenario in which this is called without fee so we'll choose not to implement this
Makes sense, agree with the sponsor in not having to mitigate as they expect all calls to have a fee That said, given context, the gas optimization is valid, so we'll give the warden the points for it
Handle
pauliax
Vulnerability details
Impact
You can only prepare the second tx in function sendTransfer if the t.fee > 0. This will avoid useless external call when there is no fee or the user himself calls this function. txns[1].to = t.token; txns[1].data = abi.encodeWithSelector(IERC20.transfer.selector, msg.sender, t.fee);
Recommended Mitigation Steps
if (t.fee > 0) {...}