Closed code423n4 closed 2 years ago
WatchPug
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2LPTDataCache.sol#L91-L94
return l1TotalSupply >= l2SupplyFromL1 ? l1TotalSupply - l2SupplyFromL1 : 0;
When l1TotalSupply == l2SupplyFromL1, l1TotalSupply - l2SupplyFromL1 == 0. Therefore, replace >= with > can avoid the unnecessary arithmetic operations and storage reads (l1TotalSupply - l2SupplyFromL1).
l1TotalSupply
l2SupplyFromL1
l1TotalSupply - l2SupplyFromL1
>=
>
Change to:
return l1TotalSupply > l2SupplyFromL1 ? l1TotalSupply - l2SupplyFromL1 : 0;
Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/150
yondonfu
commented
2 years ago yondonfu
commented
2 years ago
Handle
WatchPug
Vulnerability details
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2LPTDataCache.sol#L91-L94
When
l1TotalSupply==l2SupplyFromL1,l1TotalSupply - l2SupplyFromL1== 0. Therefore, replace>=with>can avoid the unnecessary arithmetic operations and storage reads (l1TotalSupply - l2SupplyFromL1).Recommendation
Change to: