code-423n4 / 2021-12-pooltogether-findings

Transfer amounts not checked for > 0 #137

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

ye0lde

Vulnerability details

Impact

Transfer amount can be checked for > 0 before making the external call to safeTransfer or transfer. This can save gas by avoiding the external call.

Proof of Concept

The transfers are here:

https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L133

https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L186

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Check that transfer amount != 0

PierrickGT commented 2 years ago

Most transfers will be made with an amount superior to 0, so it will actually be less gas efficient for these transfers. For this reason, I've acknowledged the issue but we won't make any change.