settPeak.mint() and byvWbtcPeak.mint() are blockLocked, check if locked before calling them can allow blocklocked transactions to fail earlier and save gas.
function mint(IERC20 token, uint amount, uint poolId, uint idx, uint minOut)
external
defend
blockLocked
whenNotPaused
returns(uint _ibbtc)
{
token.safeTransferFrom(msg.sender, address(this), amount);
Pool memory pool = pools[poolId];
if (poolId < 3) { // setts
_addLiquidity(pool.deposit, amount, poolId + 2, idx); // pools are such that the #tokens they support is +2 from their poolId.
pool.sett.deposit(pool.lpToken.balanceOf(address(this)));
_ibbtc = settPeak.mint(poolId, pool.sett.balanceOf(address(this)), new bytes32[](0));
} else if (poolId == 3) { // byvwbtc
IbyvWbtc(address(pool.sett)).deposit(new bytes32[](0)); // pulls all available
_ibbtc = byvWbtcPeak.mint(pool.sett.balanceOf(address(this)), new bytes32[](0));
} else {
revert("INVALID_POOL_ID");
}
require(_ibbtc >= minOut, "INSUFFICIENT_IBBTC"); // used for capping slippage in curve pools
ibbtc.safeTransfer(msg.sender, _ibbtc);
}
GalloDaSballo
commented
2 years ago
Handle
WatchPug
Vulnerability details
settPeak.mint()andbyvWbtcPeak.mint()areblockLocked, check if locked before calling them can allow blocklocked transactions to fail earlier and save gas.https://github.com/Badger-Finance/ibbtc/blob/d8b95e8d145eb196ba20033267a9ba43a17be02c/contracts/Zap.sol#L93-L116