search

code-423n4 / 2021-12-yetifinance-findings

0 stars 0 forks source link

Gas savings: Require statement is not needed #143

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

csanuragjain

Vulnerability details

Impact

Gas saving

Proof of Concept

  1. Navigate to contract at https://github.com/code-423n4/2021-12-yetifinance/blob/main/packages/contracts/contracts/Dependencies/CheckContract.sol

  2. Observe the checkContract function

function checkContract(address _account) internal view {
        require(_account != address(0), "Account cannot be zero address");

        uint256 size;
        // solhint-disable-next-line no-inline-assembly
        assembly { size := extcodesize(_account) }
        require(size > 0, "Account code size cannot be zero");
    }
  1. Observe that require condition for 0 address check is not required as if 0 address is given then size will become 0 (code size is 0) and require(size>0) fails
kingyetifinance commented 2 years ago

@LilYeti: Need to confirm / is more clear this way. Don't really know what will be returned if that check is removed and addr 0 is used. Will change if confirmed.