search

code-423n4 / 2021-12-yetifinance-findings

0 stars 0 forks source link

Inline unnecessary function can make the code simpler and save some gas #278

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/YUSDToken.sol#L297-L301

    function _requireCallerIsTMLorSP() internal view {
        require(
            msg.sender == stabilityPoolAddress || msg.sender == troveManagerLiquidationsAddress,
            "YUSD: Caller is neither TroveManagerLiquidator nor StabilityPool");
    }

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/YUSDToken.sol#L128-L131

    function returnFromPool(address _poolAddress, address _receiver, uint256 _amount) external override {
        _requireCallerIsTMLorSP();
        _transfer(_poolAddress, _receiver, _amount);
    }

_requireCallerIsTMLorSP() is unnecessary as it's being used only once. Therefore it can be inlined in returnFromPool() to make the code simpler and save gas.

Recommendation

Change to:

    function returnFromPool(address _poolAddress, address _receiver, uint256 _amount) external override {
        require(
            msg.sender == stabilityPoolAddress || msg.sender == troveManagerLiquidationsAddress,
            "YUSD: Caller is neither TroveManagerLiquidator nor StabilityPool");
        _transfer(_poolAddress, _receiver, _amount);
    }

Other examples include: