search

code-423n4 / 2022-01-trader-joe-findings

2 stars 0 forks source link

depositAVAX() Require msg.sender != issuer is Waste of Gas #225

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Meta0xNull

Vulnerability details

Impact

require(msg.sender != issuer, "LaunchEvent: issuer cannot participate");

depositAVAX() Require msg.sender != issuer is Waste of Gas because issuer can call depositAVAX() by using different wallet address.

Proof of Concept

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L312

Tools Used

Manual Review

Recommended Mitigation Steps

Remove Line 312 to save participants gas fee.

cryptofish7 commented 2 years ago

It doesn’t matter if issuer enters with a different wallet, it’s to make sure he shouldn’t receive LP / incentives

dmvt commented 2 years ago

Agree with sponsor. Sacrificing features or guards to save gas is not reasonable.