code-423n4 / 2021-10-pooltogether-findings

Unnecessary If Before Require (PrizeDistributor.sol) #54

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

ye0lde

Vulnerability details

Impact

Gas savings and code clarity

Proof of Concept

PrizeDistributor.sol: Both an "if" statement and a "require" are used to protect against "payout <= oldPayout". Only a "require" is needed. https://github.com/pooltogether/v4-core/blob/35b00f710db422a6193131b7dc2de5202dc4677c/contracts/PrizeDistributor.sol#L72-L80

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Replace this https://github.com/pooltogether/v4-core/blob/35b00f710db422a6193131b7dc2de5202dc4677c/contracts/PrizeDistributor.sol#L72-L80 with this:

uint256 payoutDiff;

// helpfully short-circuit, in case the user screwed something up.
require(payout > oldPayout, "PrizeDistributor/zero-payout");

payoutDiff = payout - oldPayout;
_setDrawPayoutBalanceOf(_user, drawId, payout);

Note also that explicitly initializing "payoutDiff" to 0 isn't necessary although it might be standard practice on your project.

asselstine commented 3 years ago

https://github.com/code-423n4/2021-10-pooltogether-findings/issues/41

GalloDaSballo commented 3 years ago

Duplicate of #41