code-423n4 / 2022-01-xdefi-findings


Hardcoded XDEFI Address and Make it Constant to Save Gas #84

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Meta0xNull

Vulnerability details

Impact

Since the XDEFI address is known and it is permanent, hardcoding the XDEFI address and making it constant can save some gas.

Also, this can avoid a fat-finger error when deploying the contract, which costs extra gas if it needs to be redone.

Proof of Concept

https://github.com/XDeFi-tech/xdefi-distribution/blob/master/contracts/XDEFIDistribution.sol#L20

https://github.com/XDeFi-tech/xdefi-distribution/blob/master/contracts/XDEFIDistribution.sol#L39-L40

Tools Used

Manual

Recommended Mitigation Steps

address public constant XDEFI = 0x72b886d09c117654ab7da13a14d603001de0b777;

deluca-mike commented 2 years ago

XDEFI (line 20) is already "constant" since it's an immutable and behaves like an in-line literal in the code, once deployed. Yes, it does cost a bit more to deploy, but having it be set in the constructor allows for testing/deploying on different chains, and locally, without manual modifications.