Closed code423n4 closed 2 years ago
This is very similar to #62 and #64
Up to the judge to group them
Leaving https://github.com/code-423n4/2022-01-yield-findings/issues/67 valid but marking the rest as invalid as they are duplicates by the same warden
Handle
Dravee
Vulnerability details
Impact
Increased gas cost due to unnecessary automatic underflow checks.
Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers.
When an overflow or an underflow isn't possible (as an example, when a comparison is made before the arithmetic operation, or the operation doesn't depend on user input), some gas can be saved by using an
unchecked
block.https://docs.soliditylang.org/en/v0.8.10/control-structures.html#checked-or-unchecked-arithmetic
Proof of Concept
In
ConvexStakingWrapper.sol:removeVault()
, the for-loop wouldn't iterate ifvaultsLength == 0
:Therefore, lines 82 and 84 can't underflow. They should be inside an
unchecked
block.Tools Used
VS Code
Recommended Mitigation Steps
Uncheck arithmetic operations when the risk of underflow or overflow is already contained by wrapping them in an
unchecked
block