sherlock-audit / 2024-08-cork-protocol-judging


Mammoth Laurel Nightingale - [GAS-5] Functions guaranteed to revert when called by normal users can be marked `payable` #278

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

Mammoth Laurel Nightingale

Low/Info

[GAS-5] Functions guaranteed to revert when called by normal users can be marked payable

Summary

Vulnerability Detail

If a function modifier such as `onlyOwner` is used, the function will revert if a normal user tries to pay the function. Marking the function as `payable` will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.

The extra opcodes avoided are `CALLVALUE`(2), `DUP1`(3), `ISZERO`(3), `PUSH2`(3), `JUMPI`(10), `PUSH1`(3), `DUP1`(3), `REVERT`(0), `JUMPDEST`(1), `POP`(2), which cost an average of about 21 gas per call to the function, in addition to the extra deployment cost.

Impact

Code Snippet

Instances (20):

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/CorkConfig.sol#L42

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/CorkConfig.sol

```solidity
42:     function setModuleCore(address _moduleCore) external onlyManager {

57:     function initializeModuleCore(address pa, address ra, uint256 lvFee, uint256 initialDsPrice) external onlyManager {

77:     function updateRepurchaseFeeRate(Id id, uint256 newRepurchaseFeePrecentage) external onlyManager {

86:     function updateEarlyRedemptionFeeRate(Id id, uint256 newEarlyRedemptionFeeRate) external onlyManager {

114:     function updatePsmBaseRedemptionFeePrecentage(uint256 newPsmBaseRedemptionFeePrecentage) external onlyManager {

121:     function pause() external onlyManager {

128:     function unpause() external onlyManager {
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/ModuleCore.sol

```solidity
37:     function initialize(address pa, address ra, uint256 lvFee, uint256 initialDsPrice) external override onlyConfig {

88:     function updateRepurchaseFeeRate(Id id, uint256 newRepurchaseFeePrecentage) external onlyConfig {

95:     function updateEarlyRedemptionFeeRate(Id id, uint256 newEarlyRedemptionFeeRate) external onlyConfig {

153:     function updatePsmBaseRedemptionFeePrecentage(uint256 newPsmBaseRedemptionFeePrecentage) external onlyConfig {
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/Vault.sol

```solidity
231:     function provideLiquidityWithFlashSwapFee(Id id, uint256 amount) external onlyFlashSwapRouter {
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/assets/Asset.sol

```solidity
86:     function mint(address to, uint256 amount) public onlyOwner {
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/assets/AssetFactory.sol

```solidity
195:     function _authorizeUpgrade(address newImplementation) internal override onlyOwner notDelegated {}
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/core/flash-swaps/FlashSwapRouter.sol

```solidity
41:     function _authorizeUpgrade(address newImplementation) internal override onlyOwner notDelegated {}

69:     function emptyReserve(Id reserveId, uint256 dsId) external override onlyOwner returns (uint256 amount) {

93:     function addReserve(Id id, uint256 dsId, uint256 amount) external override onlyOwner {
```

https://github.com/sherlock-audit/2024-08-cork-protocol/blob/main/Depeg-swap/contracts/libraries/Guard.sol

```solidity
24:     function _onlyNotExpired(DepegSwap storage ds) internal view {

30:     function _onlyExpired(DepegSwap storage ds) internal view {

36:     function _onlyInitialized(DepegSwap storage ds) internal view {
```

Tool used

Manual Review

Recommendation
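
A triage check a reviewer could run over the instance list above, added here as an example and not part of the report or the Cork code base: it flags which listed declarations could accept `payable` at all, since Solidity only permits `payable` on `external`/`public` functions that are not `view`/`pure`. The helper names `triage` and `eligible_instances` are hypothetical, and the input is a subset of the signatures listed in the report.

```python
import re

# Declarations copied from the report's instance list (a subset): file, line, text.
INSTANCES = [
    ("CorkConfig.sol", 42, "function setModuleCore(address _moduleCore) external onlyManager {"),
    ("CorkConfig.sol", 121, "function pause() external onlyManager {"),
    ("Vault.sol", 231, "function provideLiquidityWithFlashSwapFee(Id id, uint256 amount) external onlyFlashSwapRouter {"),
    ("Asset.sol", 86, "function mint(address to, uint256 amount) public onlyOwner {"),
    ("AssetFactory.sol", 195, "function _authorizeUpgrade(address newImplementation) internal override onlyOwner notDelegated {}"),
    ("FlashSwapRouter.sol", 69, "function emptyReserve(Id reserveId, uint256 dsId) external override onlyOwner returns (uint256 amount) {"),
    ("Guard.sol", 24, "function _onlyNotExpired(DepegSwap storage ds) internal view {"),
]
# Solidity keywords that may follow the parameter list; anything else is a modifier.
KEYWORDS = {"external", "public", "internal", "private", "view", "pure",
            "payable", "virtual", "override"}
DECL = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{]*)\{")


def triage(decl):
    """Return (name, can_be_payable, reason) for one function declaration."""
    m = DECL.search(decl)
    if m is None:
        raise ValueError(f"not a function declaration: {decl!r}")
    name = m.group(1)
    words = re.sub(r"returns\s*\(.*?\)", "", m.group(2)).split()
    modifiers = [w for w in words if w not in KEYWORDS]
    if "payable" in words:
        return name, False, "already payable"
    if not {"external", "public"} & set(words):
        return name, False, "payable requires external or public visibility"
    if {"view", "pure"} & set(words):
        return name, False, "view/pure functions cannot be payable"
    if not modifiers:
        return name, False, "no access modifier, so normal users can call it"
    return name, True, "guarded by " + ", ".join(modifiers)


def eligible_instances(instances=INSTANCES):
    """List (file, line, name) for declarations where the suggestion can apply."""
    return [(p, n, triage(d)[0]) for p, n, d in instances if triage(d)[1]]


if __name__ == "__main__":
    for path, line, decl in INSTANCES:
        name, ok, reason = triage(decl)
        print(f"{path}:{line} {name}: {'candidate' if ok else 'skip'} ({reason})")
```

A guarded function that is made `payable` will accept ether sent by the privileged caller, so a reviewer applying the suggestion should confirm the contract has a way to withdraw it.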