search

code-423n4 / 2024-03-saltyio-mitigation-findings

0 stars 0 forks source link

E-03 MitigationConfirmed #116

Open c4-bot-10 opened 4 months ago

c4-bot-10 commented 4 months ago

Lines of code

Vulnerability details

Lines of code

Vulnerability details

Additional Scope Issue

https://github.com/othernet-global/salty-io/commit/60de2c02bcfbcc64b41c03ea0582ec9e7a3f332a

Comments

The commits attempts to do a gas stabilization by avoiding zero overwrites on updates. It does this in poolstats to ensure _arbitrageProfits is reset to 1 to avoid overwriting.

It also added logic in DAO.sol as so:

    if ( withdrawnAmount <= ( PoolUtils.DUST + 1 ) )
        return 0;

    // Don't withdraw all profits to avoid the increased gas cost of overwriting zero
    withdrawnAmount -= 1;

This also avoids having the token balance of the DAO going to 0. e.g. if the balance of the DAO is 10 ETH, and then a withdrawal operation will keep 1 wei in the balance.

Conclusion

LGTM

liveactionllama commented 4 months ago

Updating the ID label here, simply for consistency across all warden submissions.

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory