Basket: No need for initialized variable #63
Labels
bug
Warden finding
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Comments
frank-beard
added
the
sponsor acknowledged
|
__ERC20_init is indeed setting the initialization for you, a similar set of findings were invalid on the other contest as using that internal initializer already protects you from having |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
kenzo
Vulnerability details
__ERC20_init already checks whether the contract is initialized, so saving your own variable is redundant and unnecessary write to global state.
Impact
Gas for writing global state.
Proof of Concept
Basket's initialize calls __ERC20_init:
https://github.com/code-423n4/2021-10-defiprotocol/blob/main/contracts/contracts/Basket.sol#L54
__ERC20_init has the modifier initializer :
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/token/ERC20/ERC20Upgradeable.sol#L54
initializer checks whether contract is init:
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/proxy/utils/Initializable.sol#L47
Tools Used
Recommended Mitigation Steps
Remove unnecessary initialized var from Basket
The text was updated successfully, but these errors were encountered: