code-423n4 / 2021-11-badgerzaps-findings

0 stars 0 forks source link

Redundant type casting #42

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L170-L179

uint256 vaultDepositAmount = ICurveZap(CURVE_IBBTC_DEPOSIT_ZAP)
    .add_liquidity(
        CURVE_IBBTC_METAPOOL,
        depositAmounts,
        0,
        address(this)
    );

// deposit crv lp tokens into vault
ISett(IBBTC_VAULT).depositFor(msg.sender, vaultDepositAmount);

CURVE_IBBTC_DEPOSIT_ZAP is defined as ICurveZap and IBBTC_VAULT is ISett already, the type casting is redundant.

GalloDaSballo commented 2 years ago

Agree that the typecasting is superfluous, don't believe this poses any additional risks

0xleastwood commented 2 years ago

marking as non-critical as it does not pose any security risk.