Closed sherlock-admin2 closed 7 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. These types of issues are not valid in Sherlock. Apart from that try to write your report better next time because it is hard to understand.
0xAadi commented:
Invalid: OOS
bareli
medium
wrong implementation of "getFeeOutputs"
Summary
in the implementation of " function getFeeOutputs( ResolvedOrder memory order ) external view override returns (OutputToken[] memory result) "
we are going through every output token and we are trying to identify an actual number of unique fee output pairs.as we can see below code.
for (uint256 i = 0; i < order.outputs.length; ++i) { /// @dev Fee will be in the 'tokenOut' form. address tokenOut = order.outputs[i].token;
@> if (!found) { result[feeCount] = OutputToken({ token: tokenOut, amount: feeAmount, recipient: feeRecipient }); feeCount++; } } }
result array consists of all different tokens. as we are adding different tokens. result array length is less than equal to the output array length. lets take a scenario for some address tokenOut = order.outputs[i].token; as this will go through the "for (uint256 j = 0; j < feeCount; ++j) " so as result is all unique we can use a break statement after the
if (feeOutput.token == tokenOut) { found = true; feeOutput.amount += feeAmount; break; as this will save us a lot of gases.
Vulnerability Detail
Impact
too much gas cost.
Code Snippet
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L94
Tool used
Manual Review
Recommendation
use if (feeOutput.token == tokenOut) { found = true; feeOutput.amount += feeAmount; break; }