Closed code423n4 closed 2 years ago
Ruhum
Using calldata is less expensive than memory. It can only be used in external functions tho and the parameter can't be modified.
calldata
memory
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L125
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L131
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L163
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L70
use calldata wherever you can
Duplicate to #29
ColaM12
commented
2 years ago ColaM12
commented
2 years ago
Handle
Ruhum
Vulnerability details
Impact
Using
calldatais less expensive thanmemory. It can only be used in external functions tho and the parameter can't be modified.Proof of Concept
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L125
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L131
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol#L163
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L70
Tools Used
Recommended Mitigation Steps
use
calldatawherever you can