The merkleAccess field on the TokenStream struct (source code here) is unused.
This will result in unnecessary gas costs whenever a TokenStream is accessed or modified (such as during every updateStream call).
Because TokenStreams are stored in storage, this extra cost will be particularly expensive.
This field takes up a new storage slot, since each slot is 256 bits:
lastCumulativeRewardPerToken takes up 1 slot.
virtualBalance takes up 1 slot.
rewards, tokens and lastUpdate take up 1 slot.
merkleAccess takes up another slot.
Handle
mtz
Vulnerability details
Impact
The
merkleAccess
field on theTokenStream
struct (source code here) is unused. This will result in unnecessary gas costs whenever aTokenStream
is accessed or modified (such as during everyupdateStream
call). Because TokenStreams are stored in storage, this extra cost will be particularly expensive. This field takes up a new storage slot, since each slot is 256 bits:lastCumulativeRewardPerToken
takes up 1 slot.virtualBalance
takes up 1 slot.rewards
,tokens
andlastUpdate
take up 1 slot.merkleAccess
takes up another slot.Proof of Concept
N/A
Tools Used
N/A
Recommended Mitigation Steps
Delete
merkleAccess
fromTokenStream
.