search

code-423n4 / 2021-10-tally-findings

0 stars 0 forks source link

Inefficient logic statement results in checking signifiesETHOrZero(zrxBuyTokenAddress) twice #8

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

TomFrench

Vulnerability details

Impact

Increased gas cost on swaps

Proof of Concept

The logic in the require statement at this link can be simplified: https://github.com/code-423n4/2021-10-tally/blob/c585c214edb58486e0564cb53d87e4831959c08b/contracts/swap/Swap.sol#L142-L152

(!signifiesETHOrZero(zrxBuyTokenAddress) && boughtERC20Amount >= minimumAmountReceived) ||(signifiesETHOrZero(zrxBuyTokenAddress) && boughtETHAmount >= minimumAmountReceived)

is equivalent to

signifiesETHOrZero(zrxBuyTokenAddress) ? boughtETHAmount >= minimumAmountReceived : boughtERC20Amount >= minimumAmountReceived

Recommended Mitigation Steps

Replace logic statement with simplified version.

0xean commented 2 years ago

dupe of #41