code-423n4 / 2021-11-streaming-findings


merkleAccess is unnecessary #257

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

mtz

Vulnerability details

Impact

The merkleAccess field on the TokenStream struct (source code here) is unused. This will result in unnecessary gas costs whenever a TokenStream is accessed or modified (such as during every updateStream call). Because TokenStreams are stored in storage, this extra cost will be particularly expensive. This field takes up a new storage slot, since each slot is 256 bits:

- lastCumulativeRewardPerToken takes up 1 slot.
- virtualBalance takes up 1 slot.
- rewards, tokens and lastUpdate take up 1 slot.
- merkleAccess takes up another slot.

Proof of Concept

N/A

Tools Used

N/A

Recommended Mitigation Steps

Delete merkleAccess from TokenStream.
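The slot count in the finding above can be checked with a small model of Solidity's storage packing rule. This is an added example, not part of the original issue or the audited contract; the field types in `TOKEN_STREAM` are assumptions chosen to match the slot counts the issue states (the page does not list them).

```python
import re

SLOT_BYTES = 32  # one EVM storage slot is 256 bits


def type_size(sol_type):
    """Byte width of a Solidity value type (bool, address, uintN/intN, bytesN)."""
    if sol_type == "bool":
        return 1
    if sol_type == "address":
        return 20
    m = re.fullmatch(r"u?int(\d*)", sol_type)
    if m:
        bits = int(m.group(1) or 256)
        if bits % 8 or not 8 <= bits <= 256:
            raise ValueError(f"invalid integer width: {sol_type}")
        return bits // 8
    m = re.fullmatch(r"bytes(\d+)", sol_type)
    if m and 1 <= int(m.group(1)) <= 32:
        return int(m.group(1))
    raise ValueError(f"unsupported type: {sol_type}")


def layout(fields):
    """Return [(name, slot, byte_offset, size)]. Fields are placed in
    declaration order; a field that does not fit in the bytes left in the
    current slot starts the next slot."""
    placed, slot, offset = [], 0, 0
    for name, sol_type in fields:
        size = type_size(sol_type)
        if offset + size > SLOT_BYTES:
            slot, offset = slot + 1, 0
        placed.append((name, slot, offset, size))
        offset += size
    return placed


def slots_used(fields):
    placed = layout(fields)
    return placed[-1][1] + 1 if placed else 0


# Assumed field types (not given on the page): 112 + 112 + 32 bits fill slot 2
# exactly, so the 1-byte bool cannot share it and opens slot 3.
TOKEN_STREAM = [("lastCumulativeRewardPerToken", "uint256"),
                ("virtualBalance", "uint256"), ("rewards", "uint112"),
                ("tokens", "uint112"), ("lastUpdate", "uint32"),
                ("merkleAccess", "bool")]
WITHOUT_FLAG = TOKEN_STREAM[:-1]  # struct after the recommended deletion

if __name__ == "__main__":
    for name, slot, offset, size in layout(TOKEN_STREAM):
        print(f"slot {slot} offset {offset:2d} size {size:2d}  {name}")
    print("slots:", slots_used(TOKEN_STREAM), "->", slots_used(WITHOUT_FLAG))
```
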

0xean commented 2 years ago

dupe of #42