Open code423n4 opened 2 years ago
WatchPug
When tokenAddress == address(0), it's unnecessary to create the variable token as it will not be used.
tokenAddress == address(0)
token
Furthermore, since the variable token is only used in one place, making it inline will make the code simpler.
https://github.com/code-423n4/2021-10-union/blob/4176c366986e6d1a6b3f6ec0079ba547b040ac0f/contracts/asset/PureTokenAdapter.sol#L90-L93
function _supportsToken(address tokenAddress) internal view returns (bool) { IERC20Upgradeable token = IERC20Upgradeable(tokenAddress); return tokenAddress != address(0) && token.balanceOf(address(this)) >= 0; // simple check if the token is ERC20 compatible }
Change to:
function _supportsToken(address tokenAddress) internal view returns (bool) { return tokenAddress != address(0) && IERC20Upgradeable(tokenAddress).balanceOf(address(this)) >= 0; // simple check if the token is ERC20 compatible }
Agree with the finding
Handle
WatchPug
Vulnerability details
When
tokenAddress == address(0)
, it's unnecessary to create the variabletoken
as it will not be used.Furthermore, since the variable
token
is only used in one place, making it inline will make the code simpler.https://github.com/code-423n4/2021-10-union/blob/4176c366986e6d1a6b3f6ec0079ba547b040ac0f/contracts/asset/PureTokenAdapter.sol#L90-L93
Recommendation
Change to: