search

code-423n4 / 2021-11-streaming-findings

0 stars 0 forks source link

Remove unnecessary variables can make the code simpler and save some gas #233

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L26-L31

/// Update pending governor
function setPendingGov(address newPendingGov) governed public {
    address old = pendingGov;
    pendingGov = newPendingGov;
    emit NewPendingGov(old, newPendingGov);
}

old is unnecessary as it's being used only once. Can be changed to:

/// Update pending governor
function setPendingGov(address newPendingGov) governed public {
    emit NewPendingGov(pendingGov, newPendingGov);
    pendingGov = newPendingGov;
}

https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L237-L238

uint256 globalStreamingSpeedPerSecond = (uint256(unstreamed) * 10**6)/ (endStream - lastUpdate);
unstreamed -= uint112((uint256(tdelta) * globalStreamingSpeedPerSecond) / 10**6);

Can be changed to:

unstreamed -= uint112((uint256(tdelta) * (uint256(unstreamed) * 10**6)/ (endStream - lastUpdate)) / 10**6);

https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L417-L447

function stake(uint112 amount) public lock updateStream(msg.sender) {
    require(amount > 0, "amt");

    // checked in updateStream
    // require(block.timestamp < endStream, "stake:!stream");

    // transfer tokens over
    uint256 prevBal = ERC20(depositToken).balanceOf(address(this));
    ERC20(depositToken).safeTransferFrom(msg.sender, address(this), amount);
    uint256 newBal = ERC20(depositToken).balanceOf(address(this));
    require(newBal <= type(uint112).max && newBal > prevBal, "erc");

    uint112 trueDepositAmt = uint112(newBal - prevBal);

    depositTokenAmount += trueDepositAmt;
    TokenStream storage ts = tokensNotYetStreamed[msg.sender];
    ts.tokens += trueDepositAmt;

    uint256 virtualBal = dilutedBalance(trueDepositAmt);
    ts.virtualBalance += virtualBal;
    totalVirtualBalance += virtualBal;
    unstreamed += trueDepositAmt;

    if (!isSale) {
        // not a straight sale, so give the user some receipt tokens
        _mint(msg.sender, trueDepositAmt);
    } else {
    }

    emit Staked(msg.sender, trueDepositAmt);
}

trueDepositAmt can be replaced with amount.

https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L500-L511

function createIncentive(address token, uint112 amount) public lock {
    require(token != rewardToken && token != depositToken, "inc");

    uint256 prevBal = ERC20(token).balanceOf(address(this));
    ERC20(token).safeTransferFrom(msg.sender, address(this), amount);
    uint256 newBal = ERC20(token).balanceOf(address(this));
    require(newBal <= type(uint112).max && newBal > prevBal, "erc");

    uint112 amt = uint112(newBal - prevBal);
    incentives[token] += amt;
    emit StreamIncentivized(token, amt);
}

amt can be replaced with amount.

https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L743-L743

(bool success, bytes memory _ret) = who.call(data);

Can be changed to:

(bool success, ) = who.call(data);