code-423n4 / 2022-01-yield-findings


calldata is cheaper than memory #122

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Fitraldys

Vulnerability details

Impact

_calcCvxIntegral() and _calcRewardIntegral() have input parameters that use memory. Since these functions don't change the _accounts and _balances parameters, it's cheaper to use calldata instead, because these functions only need to read the _accounts and _balances parameters. Changing them to calldata can save +- 700 gas.

Proof of Concept

https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexStakingWrapper.sol#L155
https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexStakingWrapper.sol#L156
https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexStakingWrapper.sol#L208
https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexStakingWrapper.sol#L209

devtooligan commented 2 years ago

I don't think this works because the calling fn creates the array in memory? At least it wouldn't compile when I tried this change.
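The situation described in the comment above, as an added example that is not part of the thread and is not code from ConvexStakingWrapper.sol: an internal function that only reads its array parameters still has to declare them `memory` when its caller builds the arrays in memory, because Solidity has no memory-to-calldata conversion. The contract, function and variable names (other than `_accounts` and `_balances`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: all names here are hypothetical, not the audited contract.
contract IntegralExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public credited;

    // Only reads both arrays, but they must stay `memory`:
    // the caller below builds them in memory.
    function _calcIntegral(
        address[2] memory _accounts,
        uint256[2] memory _balances,
        uint256 _perToken
    ) internal {
        for (uint256 i = 0; i < 2; i++) {
            if (_accounts[i] == address(0)) continue; // skip empty slot
            credited[_accounts[i]] += _balances[i] * _perToken;
        }
    }

    // The caller assembles the arrays itself, so they live in memory.
    // If _calcIntegral declared `calldata` parameters, the compiler would
    // reject this call: memory cannot be converted to calldata.
    function checkpoint(address from, address to, uint256 perToken) external {
        address[2] memory accounts = [from, to];
        uint256[2] memory balances = [balanceOf[from], balanceOf[to]];
        _calcIntegral(accounts, balances, perToken);
    }

    // `calldata` applies only when the array arrives in the transaction
    // input and is passed through without being rebuilt.
    function sumFromInput(uint256[2] calldata balances) external pure returns (uint256) {
        return _sum(balances);
    }

    function _sum(uint256[2] calldata balances) private pure returns (uint256 total) {
        for (uint256 i = 0; i < 2; i++) total += balances[i];
    }
}
```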

GalloDaSballo commented 2 years ago

I believe memory here should cost more than calldata, but not 700 gas.

I'd love to see the warden's work. But in lack of any POC, with my doubts and the sponsor disputing, I am going to mark the finding invalid.

Would recommend the warden to provide their work to give them a better chance when their finding is contested.