Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/StakingRewards.sol#L162-L162
IERC20(tokenAddress).safeTransfer(owner, tokenAmount);
The recoverERC20() function is onlyOwner, therefore, at L162, owner can be change to msg.sender directly to avoid unnecessary storage read of owner to save some gas.
recoverERC20()
onlyOwner
owner
msg.sender
Change to:
IERC20(tokenAddress).safeTransfer(msg.sender, tokenAmount);
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/StakingRewards.sol#L162-L162
The
recoverERC20()function isonlyOwner, therefore, at L162,ownercan be change tomsg.senderdirectly to avoid unnecessary storage read ofownerto save some gas.Recommendation
Change to: