Open code423n4 opened 2 years ago

Handle
WatchPug

Vulnerability details
There is no risk of overflow caused by incrementing the iteration index in for loops (the i++ in for (uint256 i = 0; i < weights.length; i++)). Increments perform overflow checks that are not necessary in this case.

Recommendation
Surround the increment expressions with an unchecked { ... } block to avoid the default overflow checks. For example, change the for loop:

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Basket.sol#L289-L293

    for (uint256 i = 0; i < weights.length; i++) {
        uint256 tokenAmount = amount * weights[i] * ibRatio / BASE / BASE;
        require(tokenAmount > 0);
        IERC20(tokens[i]).safeTransferFrom(from, address(this), tokenAmount);
    }

to

    for (uint256 i = 0; i < weights.length;) {
        uint256 tokenAmount = amount * weights[i] * ibRatio / BASE / BASE;
        require(tokenAmount > 0);
        IERC20(tokens[i]).safeTransferFrom(from, address(this), tokenAmount);
        unchecked { ++i; }
    }
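As an added illustration (not code from the WatchPug finding or from the audited defiprotocol contracts), the contract below carries both loop shapes side by side and measures each with gasleft(), so the saving can be observed on any 0.8.x compiler. The token transfer is replaced by an accumulator so the two functions differ only in the increment; BASE, the weights array and the 1e18-scaled sample values are constructed assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not part of the finding or the audited contracts.
// The loop body mirrors the Basket.sol computation; the safeTransferFrom
// is replaced by an accumulator so the two paths differ only in how the
// index is incremented. All values are constructed for this example.
contract UncheckedIncrementDemo {
    uint256 public constant BASE = 1e18; // assumed scaling constant
    uint256[] public weights;

    constructor() {
        // constructed sample weights summing to 1e18
        weights.push(5e17);
        weights.push(3e17);
        weights.push(2e17);
    }

    // Checked increment: each i++ carries an overflow check that can never
    // fire, because the loop condition keeps i < weights.length.
    function checkedLoop(uint256 amount, uint256 ibRatio)
        public view returns (uint256 total, uint256 gasUsed)
    {
        uint256 start = gasleft();
        for (uint256 i = 0; i < weights.length; i++) {
            // The multiplication stays checked: it CAN overflow on large input.
            uint256 tokenAmount = amount * weights[i] * ibRatio / BASE / BASE;
            require(tokenAmount > 0);
            total += tokenAmount;
        }
        gasUsed = start - gasleft();
    }

    // Unchecked increment only: the condition still bounds i, so ++i cannot
    // wrap; the arithmetic on amounts keeps its default overflow checks.
    function uncheckedLoop(uint256 amount, uint256 ibRatio)
        public view returns (uint256 total, uint256 gasUsed)
    {
        uint256 start = gasleft();
        for (uint256 i = 0; i < weights.length;) {
            uint256 tokenAmount = amount * weights[i] * ibRatio / BASE / BASE;
            require(tokenAmount > 0);
            total += tokenAmount;
            unchecked { ++i; }
        }
        gasUsed = start - gasleft();
    }
}
```

Calling both functions with the same arguments (for example amount = 1e18, ibRatio = 1e18) returns the same total and a lower gasUsed for uncheckedLoop; the saving is per iteration, so it grows with weights.length.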