c4-bot-10 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/tokens/ERC20MultiVotes.sol#L427

Vulnerability details

Impact

Detailed description of the impact of this finding. Greedy Vote Freeing: The _decrementVotesUntilFree function uses a greedy algorithm that could potentially free more votes than necessary, which might not be the most gas-efficient approach. A more precise algorithm could be considered.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function _decrementVotesUntilFree(address user, uint256 votes) internal { uint256 userFreeVotes = freeVotes(user);

    // early return if already free
    if (userFreeVotes >= votes) return;

    // cache total for batch updates
    uint256 totalFreed;

    // Loop through all delegates
    address[] memory delegateList = _delegates[user].values();

    // Free delegates until through entire list or under votes amount
    uint256 size = delegateList.length;
    for (
        uint256 i = 0;
        i < size && (userFreeVotes + totalFreed) < votes;
        i++
    ) {
        address delegatee = delegateList[i];
        uint256 delegateVotes = _delegatesVotesCount[user][delegatee];
        if (delegateVotes != 0) {
@>            totalFreed += delegateVotes;

            require(_delegates[user].remove(delegatee)); // Remove from set. Should never fail.

            _delegatesVotesCount[user][delegatee] = 0;

            _writeCheckpoint(delegatee, _subtract, delegateVotes);
            emit Undelegation(user, delegatee, delegateVotes);
        }
    }

    userDelegatedVotes[user] -= totalFreed;
}