Closed code423n4 closed 2 years ago
WatchPug
Every reason string takes at least 32 bytes.
Use short reason strings that fit in 32 bytes or it will become more expensive.
Instances include:
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/ActivePool.sol#L229-L232
```solidity
require(
    msg.sender == borrowerOperationsAddress ||
    msg.sender == defaultPoolAddress,
    "ActivePool: Caller is neither BO nor Default Pool");
```
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/ActivePool.sol#L244-L249
```solidity
function _requireCallerIsBOorTroveM() internal view {
    require(
        msg.sender == borrowerOperationsAddress ||
        msg.sender == troveManagerAddress,
        "ActivePool: Caller is neither BorrowerOperations nor TroveManager");
}
```
https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/BorrowerOperations.sol#L1018-L1021
```solidity
require(
    _debtRepayment <= _currentDebt.sub(YUSD_GAS_COMPENSATION),
    "BorrowerOps: Amount repaid must not be larger than the Trove's debt"
);
```
Duplicate #66
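An added example, not part of the original report or the Yeti Finance code base: a small Python scan that flags `require`/`revert` reason strings longer than 32 bytes, run over the three statements quoted above plus one constructed short reason. The name `long_reasons` and the regex-based parsing are assumptions made for illustration; because a reason string is ABI-encoded in padded 32-byte words, the scan also reports how many words each string occupies.

```python
import re

# A require(...)/revert(...) statement up to its closing ");".
# Regex parsing is an assumption: a reason containing ");" would be cut short.
CALL_RE = re.compile(r'\b(?:require|revert)\s*\((.*?)\)\s*;', re.S)
# A double-quoted Solidity string literal, allowing backslash escapes.
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

def long_reasons(source, limit=32):
    """Return (line, byte_length, words_32, reason) for each reason > limit bytes."""
    findings = []
    for call in CALL_RE.finditer(source):
        literals = STRING_RE.findall(call.group(1))
        if not literals:
            continue  # require(cond); without a reason string
        reason = literals[-1]  # the reason is the last argument
        size = len(reason.encode("utf-8"))
        if size > limit:
            line = source.count("\n", 0, call.start()) + 1
            words = -(-size // 32)  # ceiling division: padded 32-byte words
            findings.append((line, size, words, reason))
    return findings

# The three statements quoted in the report, plus one constructed short reason.
SAMPLE = '''require(
    msg.sender == borrowerOperationsAddress ||
    msg.sender == defaultPoolAddress,
    "ActivePool: Caller is neither BO nor Default Pool");
require(
    msg.sender == borrowerOperationsAddress ||
    msg.sender == troveManagerAddress,
    "ActivePool: Caller is neither BorrowerOperations nor TroveManager");
require(
    _debtRepayment <= _currentDebt.sub(YUSD_GAS_COMPENSATION),
    "BorrowerOps: Amount repaid must not be larger than the Trove's debt"
);
require(msg.sender == owner, "AP: not owner");  // constructed, fits in 32 bytes
'''

if __name__ == "__main__":
    for line, size, words, reason in long_reasons(SAMPLE):
        print(f"line {line}: {size} bytes ({words} words): {reason}")
```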