Closed code423n4 closed 2 years ago
Tomio
if the value is 0, will waste gas to transfer 0 value
https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeStaking.sol#L125
Remix
function withdraw(uint256 _amount) external { UserInfo storage user = userInfo[msg.sender]; require( user.amount >= _amount, "RocketJoeStaking: withdraw amount exceeds balance" ); updatePool(); uint256 pending = (user.amount * accRJoePerShare) / PRECISION - user.rewardDebt; if(pending > 0){ _safeRJoeTransfer(msg.sender, pending); } user.amount = user.amount - _amount; user.rewardDebt = (user.amount * accRJoePerShare) / PRECISION; joe.safeTransfer(address(msg.sender), _amount); emit Withdraw(msg.sender, _amount);
Duplicate of #71
cryptofish7
commented
2 years ago cryptofish7
commented
2 years ago
Handle
Tomio
Vulnerability details
Impact
if the value is 0, will waste gas to transfer 0 value
Proof of Concept
https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/RocketJoeStaking.sol#L125
Tools Used
Remix
Recommended Mitigation Steps