Open code423n4 opened 2 years ago
WatchPug
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L170-L179
uint256 vaultDepositAmount = ICurveZap(CURVE_IBBTC_DEPOSIT_ZAP) .add_liquidity( CURVE_IBBTC_METAPOOL, depositAmounts, 0, address(this) ); // deposit crv lp tokens into vault ISett(IBBTC_VAULT).depositFor(msg.sender, vaultDepositAmount);
CURVE_IBBTC_DEPOSIT_ZAP is defined as ICurveZap and IBBTC_VAULT is ISett already, the type casting is redundant.
CURVE_IBBTC_DEPOSIT_ZAP
ICurveZap
IBBTC_VAULT
ISett
Agree that the typecasting is superfluous, don't believe this poses any additional risks
marking as non-critical as it does not pose any security risk.
non-critical
Handle
WatchPug
Vulnerability details
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L170-L179
CURVE_IBBTC_DEPOSIT_ZAP
is defined asICurveZap
andIBBTC_VAULT
isISett
already, the type casting is redundant.