Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/staking-rewards/StakingRewards.sol#L162-L162
IERC20(tokenAddress).safeTransfer(owner, tokenAmount);
The recoverERC20() function is onlyOwner; therefore, at L162, owner can be changed to msg.sender directly to avoid an unnecessary storage read of owner and save some gas.
Change to:
IERC20(tokenAddress).safeTransfer(msg.sender, tokenAmount);