Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zero-address check unnecessary due to the initializer modifier #42

Open
code423n4 opened this issue Jun 23, 2021 · 1 comment
Open

Zero-address check unnecessary due to the initializer modifier #42

code423n4 opened this issue Jun 23, 2021 · 1 comment
Assignees
@kamescg
Labels
bug Something isn't working G (Gas Optimization) sponsor confirmed YearnV2YieldSource

Comments

@code423n4
Copy link
Contributor

Handle

0xRajeev

Vulnerability details

Impact

YearnV2YieldSource initialize does a zero-address check for value address to detect if it has already been initialized. This is an unnecessary check because vault address default value is zero, it is not initialized/set anywhere else and the initializer modifier will prevent the calling of initialize() a second time. So vault is guaranteed to be zero in initialize().

The impact is gas wastage from an additional SLOAD of vault state variable and the require() check.

Proof of Concept

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/yield-source/YearnV2YieldSource.sol#L25

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/yield-source/YearnV2YieldSource.sol#L73

Tools Used

Manual Analysis

Recommended Mitigation Steps

Remove the zero-address check for vault.
@code423n4 code423n4 added bug Something isn't working G (Gas Optimization) labels Jun 23, 2021
code423n4 added a commit that referenced this issue Jun 23, 2021
@code423n4
0xRajeev issue #42
9c43545
@kamescg kamescg self-assigned this Jun 29, 2021
@kamescg kamescg mentioned this issue Jul 1, 2021
Merged
@kamescg
Copy link
Collaborator

kamescg commented Jul 1, 2021

@PierrickGT PierrickGT mentioned this issue Jul 14, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kamescg kamescg

Labels
bug Something isn't working G (Gas Optimization) sponsor confirmed YearnV2YieldSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@PierrickGT @kamescg @asselstine @code423n4