Use of _msgSender() #102
Labels
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
ritik99
added
the
sponsor confirmed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
defsec
Vulnerability details
Impact
The use of _msgSender() when there is no implementation of a meta transaction mechanism that uses it, such as EIP-2771, very slightly increases gas consumption.
Proof of Concept
_msgSender() is utilized three times where msg.sender could have been used in the following function.
"""
https://github.com/code-423n4/2021-12-sublime/blob/e688bd6cd3df7fefa3be092529b4e2d013219625/contracts/yield/YearnYield.sol#L42
https://github.com/code-423n4/2021-12-sublime/blob/e688bd6cd3df7fefa3be092529b4e2d013219625/contracts/yield/CompoundYield.sol#L43
https://github.com/code-423n4/2021-12-sublime/blob/e688bd6cd3df7fefa3be092529b4e2d013219625/contracts/yield/AaveYield.sol#L71
https://github.com/code-423n4/2021-12-sublime/blob/e688bd6cd3df7fefa3be092529b4e2d013219625/contracts/yield/NoYield.sol#L31
"""
Tools Used
None
Recommended Mitigation Steps
Replace _msgSender() with msg.sender if there is no mechanism to support meta-transactions like EIP-2771 implemented.
The text was updated successfully, but these errors were encountered: