Closed code423n4 closed 2 years ago
XDEFI
(line 20) is already "constant" since it's an immutable
and behaves like an in-line literal ion the code, once deployed. Yes, it does cost a bit more to deploy, but having it be set in the constructor allows for testing/deploying on different chains, and locally, without manual modifications.
Handle
Meta0xNull
Vulnerability details
Impact
Since XDEFI Address is Known and it is Permanent, hardcoded XDEFI address and make it constant can save some gas.
Also, this can avoid fat finger error when deploy contract which cost extra gas if need to redo.
Proof of Concept
https://github.com/XDeFi-tech/xdefi-distribution/blob/master/contracts/XDEFIDistribution.sol#L20 https://github.com/XDeFi-tech/xdefi-distribution/blob/master/contracts/XDEFIDistribution.sol#L39-L40
Tools Used
Manual
Recommended Mitigation Steps
address public constant XDEFI = 0x72b886d09c117654ab7da13a14d603001de0b777;