Redundant initialize_token_store operation

zlsecure3 commented 1 year ago

subject

description

In the StarNameService module, users can register domain names through the create_name_script function. It will first create a Token resource for the user through the initialize_token_store function, and then set its direct_transfer to true through the opt_in_direct_transfer function. But in fact, the initialize_token_store function is also called in the opt_in_direct_transfer function to create resources for the user. So the initialize_token_store operation in the create_name_script function is redundant.

Below is the implementation of Token::opt_in_direct_transfer function.

    public entry fun opt_in_direct_transfer(account: &signer, opt_in: bool) acquires TokenStore {
        let addr = signer::address_of(account);
        initialize_token_store(account);
        let opt_in_flag = &mut borrow_global_mut<TokenStore>(addr).direct_transfer;
        *opt_in_flag = opt_in;
    }

recommendation

It is recommended to remove the initialize_token_store operation in the create_name_script function.

locations

code/sources/StarNameService.move#L213

severity

Informational

damage

exploitability

grading (edit)

submission_id:1469204347

review_type:GRADING

result: TBD-yes,no

rating: TBD-123

comment: TBD-Rejected,Accepted by Secure3.

severity: TBD-Critical,Medium,Low,Informational

category:

description:

zlsecure3 commented 1 year ago

client feedback (manual copy)

submission_id:1469204347

review_type:CLIENT_FEEDBACK

result: TBD-yes,no

severity: TBD-Critical,Medium,Low,Informational

comment:

zlsecure3 commented 1 year ago

client feedback decision(edit)

submission_id:1469204347

review_type:CLIENT_FEEDBACK_DECISION

result: TBD-yes,no,yes-honored,no-honored

severity: TBD-Critical,Medium,Low,Informational

comment:

zlsecure3 / review_star