bytes032
commented
12 months ago the gas is paid by the user calling the function
Closed code423n4 closed 11 months ago
bytes032
commented
12 months ago the gas is paid by the user calling the function
c4-pre-sort
commented
12 months ago bytes032 marked the issue as low quality report
c4-judge
commented
11 months ago GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/reLP/ReLPContract.sol#L202
Vulnerability details
Impact
If _amount is 0, the reLP function will still execute all its operations, including external contract calls, which consume gas. This could lead to unnecessary gas costs for the caller. In a worst-case scenario, if this function is called repeatedly with _amount as 0, it could drain the funds of the caller due to high gas costs. Remediation: Add a require statement at the start of the function to check if _amount is greater than 0. This will immediately revert the transaction if _amount is 0, preventing unnecessary gas usage.
Proof of Concept
Exploit Scenario: An attacker could repeatedly call the reLP function with _amount as 0, causing the contract to execute unnecessary operations and waste gas. Remediation: Add a require statement at the start of the function to check if _amount is greater than 0..
Tools Used
foundry
Recommended Mitigation Steps
Add a require statement at the start of the function to check if _amount is greater than 0.
Assessed type
Invalid Validation