Open code423n4 opened 2 years ago
While two seperate require checks result in about 14 gas saved on lock
, relock
, and relockBatch
, it costs 10923 more gas to deploy, which it worth it after 780 calls. I guess this is a fair trade-off.
In any case, due to the move to if-revert
s and custom error messages, and the removal of the MAX_TOTAL_XDEFI_SUPPLY
variable, and it's check, this is being changed to a check on the resulting computed units
:
if (units == uint256(0)) revert LockResultsInNoUnits();
In release candidate contracts, amount_
is no longer checked, and thus MAX_TOTAL_XDEFI_SUPPLY
is not needed, and the condition is no longer two-fold. Instead, resulting units are checked to be greater or equal to some minimum.
resolved & confirmed
Handle
rfa
Vulnerability details
Impact
more expensive gas usage
Proof of Concept
instead of using operator && on single require check (XDEFIDistribution.sol line 255). using double require check can save more gas:
require(amount != uint256(0) && amount <= MAX_TOTAL_XDEFI_SUPPLY, "INVALID_AMOUNT");
Tools Used
Recommended Mitigation Steps
require(amount_ != uint256(0), "INVALIDAMOUNT" ); require(amount <= MAX_TOTAL_XDEFI_SUPPLY, "INVALID_AMOUNT");