code-423n4 / 2022-01-xdefi-findings


`XDEFIDistribution.sol#constructor()` Validation of `XDEFI_` can be done earlier to save gas #104

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

Checking `XDEFI_ != address(0)` earlier can avoid unnecessary code execution (`XDEFI = XDEFI_`) when this check fails.

https://github.com/XDeFi-tech/xdefi-distribution/blob/3856a42df295183b40c6eee89307308f196612fe/contracts/XDEFIDistribution.sol#L39-L44

```solidity
constructor (address XDEFI_, string memory baseURI_, uint256 zeroDurationPointBase_) ERC721("Locked XDEFI", "lXDEFI") {
    require((XDEFI = XDEFI_) != address(0), "INVALID_TOKEN");
    owner = msg.sender;
    baseURI = baseURI_;
    _zeroDurationPointBase = zeroDurationPointBase_;
}
```

Recommendation

Change to:

```solidity
constructor (address XDEFI_, string memory baseURI_, uint256 zeroDurationPointBase_) ERC721("Locked XDEFI", "lXDEFI") {
    require(XDEFI_ != address(0), "INVALID_TOKEN");
    XDEFI = XDEFI_;
    owner = msg.sender;
    baseURI = baseURI_;
    _zeroDurationPointBase = zeroDurationPointBase_;
}
```

deluca-mike commented 2 years ago

This increases deploy costs (tested) with no added benefit, since most wallets will already alert the user, or prevent the user, from signing and broadcasting transactions that will revert.

Ivshti commented 2 years ago

agreed, not a valid finding