The Stream.claimFees function performs two expensive external calls:
function claimFees(address destination) public lock externallyGoverned {
// Stream is done
require(block.timestamp >= endStream, "stream");
// reset fee amount
uint112 fees = rewardTokenFeeAmount;
if (fees > 0) {
rewardTokenFeeAmount = 0;
// transfer and emit event
// @audit gas batch these two fee transfers into single one by adding up amt
ERC20(rewardToken).safeTransfer(destination, fees);
emit FeesClaimed(rewardToken, destination, fees);
}
fees = depositTokenFlashloanFeeAmount;
if (fees > 0) {
depositTokenFlashloanFeeAmount = 0;
// transfer and emit event
ERC20(depositToken).safeTransfer(destination, fees);
emit FeesClaimed(depositToken, destination, fees);
}
}
Consider first adding up the fees and doing a single transfer with the sum.
The FeesClaimed event can then also be only emitted once.
Handle
cmichel
Vulnerability details
The
Stream.claimFees
function performs two expensive external calls:Consider first adding up the fees and doing a single transfer with the sum. The
FeesClaimed
event can then also be only emitted once.