search

code-423n4 / 2021-11-nested-findings

1 stars 1 forks source link

Function state mutability can be restricted to pure #155

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/libraries/OperatorHelpers.sol#L45-L53

function decodeDataAndRequire(
    bytes memory _data,
    address _inputToken,
    address _outputToken
) internal returns (uint256[] memory amounts, address[] memory tokens) {
    (amounts, tokens) = abi.decode(_data, (uint256[], address[]));
    require(tokens[0] == _outputToken, "OperatorHelpers::getDecodeDataAndRequire: Wrong output token");
    require(tokens[1] == _inputToken, "OperatorHelpers::getDecodeDataAndRequire: Wrong input token");
}

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L557-L559

function _calculateFees(address _user, uint256 _amount) private view returns (uint256) {
    return _amount / 100;
}
maximebrugel commented 2 years ago

Duplicated : #48 for decodeDataAndRequire Duplicated : #167 for _calculateFees