function sweepTokens(IERC20[] calldata _tokens) external {
    //if (msg.sender != receiver) revert InvalidSender();
    //if (active()) revert InvalidState();
    // Loops through the extra tokens (ERC20) provided and sends all of them to the sender address
    for (uint256 i; i < _tokens.length; i++) {
        counter += 1;
        //IERC20 token = _tokens[i];
        //token.safeTransfer(msg.sender, token.balanceOf(address(this)));
    }
}
// 48066 using memory
// 46686 using calldata
Handle
Tomio
Vulnerability details
Impact
In https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/SherBuy.sol#L181, the receiver can sweep the tokens by inputting all of the addresses that this contract has. Since the _tokens parameter is not going to be changed in this function, it's cheaper to use calldata than memory.
Proof of Concept