code-423n4 / 2022-01-insure-findings


[WP-G14] `AuctionBurnReserveSkew.sol#deposit()` Implementation can be simpler and save some gas #233

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2022-01-insure/blob/19d1a7819fe7ce795e6d4814e7ddf8b8e1323df3/contracts/CDSTemplate.sol#L260-L270

```solidity
if (_available >= _amount) {
    _compensated = _amount;
    _attributionLoss = vault.transferValue(_amount, msg.sender);
    emit Compensated(msg.sender, _amount);
} else {
    //when CDS cannot afford, pay as much as possible
    _compensated = _available;
    _attributionLoss = vault.transferValue(_available, msg.sender);
    emit Compensated(msg.sender, _available);
}
```

Recommendation

Change to:

```solidity
_compensated = _available >= _amount ? _amount : _available;

_attributionLoss = vault.transferValue(_compensated, msg.sender);
emit Compensated(msg.sender, _compensated);
```

0xHaku commented 2 years ago

@oishun1112 already fixed.