Cache values in variables instead of retrieving the value for each operation.
Set InterestRateModel X96 variables to X64.
Utilize Ownable2Step over Ownable.
V3Vault.createWithPermit() transfers the NFT position from msg.sender and not owner. This prevents third-party users from using other users' permits when calling createWithPermit().
V3Vault.borrow() no longer checks in non-transform mode if the msg.sender is a vault. Now only token owners can call borrow() when in non-transform mode. This is an acceptable change as the Vault should not be able to call itself during non-transform mode as the msg.sender should be a non-Revert contract.
Replace usage of uint > 0 with uint != 0.
AutoCompound._withdrawBalanceInternal() changes how positionBalances is updated. Now _withdrawBalanceInternal() relies on the balance and amount argument calculations to update positionBalances. This change is acceptable.
Other misc changes.
All changes are safe and do not impact functionality in a negative way.
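A simplified sketch of the createWithPermit() change described above, added here as an illustration and not taken from the Revert code base or PR #33. The contract name, the parameter lists, the loanOwner mapping and the way recipient is encoded are assumptions; the permit interface follows the Uniswap V3 position manager.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-721-with-permit interface (shape of Uniswap V3's
// NonfungiblePositionManager); only the calls this sketch uses.
interface IPermitNFT {
    function permit(address spender, uint256 tokenId, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external payable;
    function safeTransferFrom(address from, address to, uint256 tokenId,
        bytes calldata data) external;
}

// Hypothetical, simplified vault: not the V3Vault source.
contract PermitVaultSketch {
    IPermitNFT public immutable nft;
    mapping(uint256 => address) public loanOwner; // tokenId => credited depositor

    constructor(IPermitNFT _nft) { nft = _nft; }

    // Before (assumed shape): the NFT is pulled from a caller-supplied `owner`,
    // so the deposit is not bound to the caller actually holding the token.
    function createWithPermitBefore(uint256 tokenId, address owner, address recipient,
        uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        nft.permit(address(this), tokenId, deadline, v, r, s);
        nft.safeTransferFrom(owner, address(this), tokenId, abi.encode(recipient));
    }

    // After: the NFT is pulled from msg.sender. ERC-721 transfers revert when
    // `from` is not the current token owner, so only the holder can deposit,
    // even if someone else has seen the permit signature.
    function createWithPermitAfter(uint256 tokenId, address recipient,
        uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        nft.permit(address(this), tokenId, deadline, v, r, s);
        nft.safeTransferFrom(msg.sender, address(this), tokenId, abi.encode(recipient));
    }

    // Credits the recipient encoded by the deposit call; only the NFT contract may call.
    function onERC721Received(address, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4) {
        require(msg.sender == address(nft), "wrong NFT");
        loanOwner[tokenId] = data.length == 0 ? from : abi.decode(data, (address));
        return this.onERC721Received.selector;
    }
}
```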
Lines of code
Vulnerability details
C4 issue
ADD-04: QA, GAS
Comments
This issue resolves several QA and gas issues.
Mitigation
PR #33
The mitigation includes the changes listed above.
Conclusion
LGTM