Function getLockedAmount, https://github.com/code-423n4/2021-10-union/blob/main/contracts/user/CreditLimitByMedian.sol#L27, performs repetitive unnecessary calculations.
In both loops, at l. 37 and l. 64, newLockedAmount calculations are independent between iterations and are relevant only when (account == array[i].staker) is true, so this condition check should be placed first:
if (account == array[i].staker) {// calculations & return}
Also, all the 'newLockedAmount = x' which are the last operations of a corresponding logic parts can be replaced with 'return x'.
3
AssetManager's rebalance function gathers all the available funds from moneyMarkets, https://github.com/code-423n4/2021-10-union/blob/main/contracts/asset/AssetManager.sol#L370, which can be replaced with balance checks and then required transfer calculations, i.e. how much funds to be placed or withdrawn as a result of rebalance. This requires interface update with balance request function, but saves half of token transfers as withdraw plus deposit combination for each moneyMarket will be replaced with one net transfer, withdraw or deposit.
GalloDaSballo
commented
3 years ago
Handle
hyh
Vulnerability details
1
Function _sortArray, https://github.com/code-423n4/2021-10-union/blob/main/contracts/user/CreditLimitByMedian.sol#L107, implements bubble sorting, which can be inefficient. Number of operations will statistically decrease if bubble sorting be replaced with any known efficient sorting approach, https://en.wikipedia.org/wiki/Sorting_algorithm#Efficient_sorts.
2
Function getLockedAmount, https://github.com/code-423n4/2021-10-union/blob/main/contracts/user/CreditLimitByMedian.sol#L27, performs repetitive unnecessary calculations. In both loops, at l. 37 and l. 64, newLockedAmount calculations are independent between iterations and are relevant only when (account == array[i].staker) is true, so this condition check should be placed first: if (account == array[i].staker) {// calculations & return} Also, all the 'newLockedAmount = x' which are the last operations of a corresponding logic parts can be replaced with 'return x'.
3
AssetManager's rebalance function gathers all the available funds from moneyMarkets, https://github.com/code-423n4/2021-10-union/blob/main/contracts/asset/AssetManager.sol#L370, which can be replaced with balance checks and then required transfer calculations, i.e. how much funds to be placed or withdrawn as a result of rebalance. This requires interface update with balance request function, but saves half of token transfers as withdraw plus deposit combination for each moneyMarket will be replaced with one net transfer, withdraw or deposit.