code423n4 commented 2 years ago

Handle

Czar102

Vulnerability details

Impact

Functions exchange(uint256), setExpirationBlock(uint256), ngmi(uint256,uint256,bytes32[]), requery(), party0Accept(), party1Accept() (the last two in both contracts) are marked public, while can be external. This uses more gas.

Proof of Concept

PegExchanger.sol#36-45

PegExchanger.sol#80-86

PegExchanger.sol#89-95

PegExchanger.sol#101-115

TRIBERagequit.sol#59-82

TRIBERagequit.sol#110-131

TRIBERagequit.sol#204-213

TRIBERagequit.sol#216-225

Tools Used

slither

Recommended Mitigation Steps

Mark these functions external.

elee1766 commented 2 years ago

duplicate #27

pauliax commented 2 years ago

A duplicate of #27

code-423n4 / 2021-11-fei-findings