Basket: No need for initialized variable #63

Open
code423n4 opened this issue Oct 10, 2021 · 1 comment
Labels
bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons

Comments

@code423n4
Contributor

Handle

kenzo

Vulnerability details

__ERC20_init already checks whether the contract is initialized, so saving your own variable is a redundant and unnecessary write to global state.

Impact

Gas for writing global state.

Proof of Concept

Basket's initialize calls __ERC20_init:
https://github.com/code-423n4/2021-10-defiprotocol/blob/main/contracts/contracts/Basket.sol#L54
__ERC20_init has the modifier initializer:
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/token/ERC20/ERC20Upgradeable.sol#L54
initializer checks whether contract is init:
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/proxy/utils/Initializable.sol#L47

Tools Used

Recommended Mitigation Steps

Remove unnecessary initialized var from Basket

code423n4 added a commit that referenced this issue Oct 10, 2021
@frank-beard frank-beard added the sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons label Nov 6, 2021
@GalloDaSballo
Collaborator

__ERC20_init is indeed setting the initialization for you. A similar set of findings was invalid on the other contest, as using that internal initializer already protects you from having initialize being run more than once.
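The pattern discussed in this issue, as an added example that is not part of the thread and is not the project's or OpenZeppelin's code: `GuardedInit`, `__Token_init`, `BasketWithFlag` and `BasketLean` are hypothetical names, and the guard is a simplified stand-in for the `initializer` behaviour the issue describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Simplified stand-in for the guard described in the issue (assumption, not library source).
abstract contract GuardedInit {
    bool private _initialized;
    bool private _initializing;
    string internal _name;

    modifier initializer() {
        require(_initializing || !_initialized, "already initialized");
        bool topLevel = !_initializing;
        if (topLevel) {
            _initializing = true;
            _initialized = true;
        }
        _;
        if (topLevel) {
            _initializing = false;
        }
    }

    // Plays the role of __ERC20_init: an internal initializer that carries the guard.
    function __Token_init(string memory name_) internal initializer {
        _name = name_;
    }
}

// Pattern the finding flags: a second flag that duplicates the guard.
contract BasketWithFlag is GuardedInit {
    bool public initialized; // hypothetical redundant flag

    function initialize(string memory name_) external {
        require(!initialized, "already initialized");
        initialized = true; // extra storage write on a path the guard already protects
        __Token_init(name_);
    }
}

// Pattern the finding recommends: rely on the guard inside the internal initializer.
contract BasketLean is GuardedInit {
    function initialize(string memory name_) external {
        __Token_init(name_); // a second call reverts inside the initializer modifier
    }
}
```

Both contracts revert on a second `initialize` call; they differ only in the extra flag and its storage write. The equivalence holds only while the internal initializer itself carries the guard, as the issue states for the linked code.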
