20,000 USDC
Submission Details
Severity: gas
Valid

Move msg.sender check into a modifier

Summary

The check pool.lender != msg.sender is repeated in several functions and can be moved into a reusable modifier.

The check amount == 0 is also repeated in several functions and can be moved into a modifier that can likewise be reused.

Vulnerability Details

The following functions check whether pool.lender != msg.sender:

src\Lender.sol

    // line 182
    function addToPool(bytes32 poolId, uint256 amount) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        ...
    }
    // line 198
    function removeFromPool(bytes32 poolId, uint256 amount) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        ...
    }
    // line 210
    function updateMaxLoanRatio(bytes32 poolId, uint256 maxLoanRatio) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        ...
    }
    // line 221
    function updateInterestRate(bytes32 poolId, uint256 interestRate) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        ...
    }

The following functions check whether the passed argument (amount) == 0:

src\Lender.sol

    // line 182
    function addToPool(bytes32 poolId, uint256 amount) external {
        ...
        if (amount == 0) revert PoolConfig();
        ...
    }
    // line 198
    function removeFromPool(bytes32 poolId, uint256 amount) external {
        ...
        if (amount == 0) revert PoolConfig();
        ...
    }
    // line 210
    function updateMaxLoanRatio(bytes32 poolId, uint256 maxLoanRatio) external {
        ...
        if (maxLoanRatio == 0) revert PoolConfig();
        ...
    }

Impact

This leads to code duplication and bigger functions, and it costs more gas.

Tools Used

Manual

Recommendations

It is recommended to create modifiers: this improves readability and code reuse, and it is also gas efficient.

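    // Reverts unless the caller is the lender that owns the pool.
    modifier onlyPoolLender(bytes32 poolId) {
        if (msg.sender != pools[poolId].lender) {
            revert Unauthorized();
        }
        _;
    }

    // Reverts when the supplied value is zero.
    modifier moreThanZero(uint256 amount) {
        if (amount == 0) {
            revert PoolConfig();
        }
        _;
    }
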
// Example of one of the functions
function addToPool(bytes32 poolId, uint256 amount)
external
+ onlyPoolLender(poolId)
+ moreThanZero(amount)
{
- if (pools[poolId].lender != msg.sender) revert Unauthorized();
- if (amount == 0) revert PoolConfig();
_updatePoolBalance(poolId, pools[poolId].poolBalance + amount);
// transfer the loan tokens from the lender to the contract
IERC20(pools[poolId].loanToken).transferFrom(
msg.sender,
address(this),
amount
);
}
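
Review bot: the gas saving claimed for moving the two checks on addToPool into onlyPoolLender(poolId) and moreThanZero(amount) is not shown by this change. Solidity copies a modifier's body into every function that uses it, so the comparison and the revert are still compiled into each function; compare a gas report before and after, and if deployed bytecode size is the target, have each modifier call a small internal function that holds the check. The modifier order keeps the original behaviour (Unauthorized is raised before PoolConfig), which is worth a comment on the function so that a later edit does not reorder it.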
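
A regression test for this refactor, as an added example that is not from the submission or the audited project: it checks that the guards still reject non-lenders and zero amounts once they live in modifiers, and that Unauthorized still takes precedence over PoolConfig. GuardedPools, createPool and the test names are constructed stand-ins, and Foundry with forge-std is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Test} from "forge-std/Test.sol"; // assumption: Foundry with forge-std
// Constructed stand-in for Lender.sol: only the two guards and a pool balance.
contract GuardedPools {
    error Unauthorized();
    error PoolConfig();
    struct Pool { address lender; uint256 poolBalance; }
    mapping(bytes32 => Pool) public pools;
    modifier onlyPoolLender(bytes32 poolId) {
        if (msg.sender != pools[poolId].lender) revert Unauthorized();
        _;
    }
    modifier moreThanZero(uint256 amount) {
        if (amount == 0) revert PoolConfig();
        _;
    }
    // Hypothetical helper so the test can register a lender.
    function createPool(bytes32 poolId) external { pools[poolId].lender = msg.sender; }
    function addToPool(bytes32 poolId, uint256 amount) external
        onlyPoolLender(poolId) moreThanZero(amount) { pools[poolId].poolBalance += amount; }
}

contract GuardRegressionTest is Test {
    GuardedPools internal lender;
    bytes32 internal constant ID = keccak256("constructed-pool");
    address internal constant LENDER = address(0xA11CE);
    function setUp() public {
        lender = new GuardedPools();
        vm.prank(LENDER);
        lender.createPool(ID);
    }
    function test_nonLenderIsRejected() public {
        vm.expectRevert(GuardedPools.Unauthorized.selector);
        lender.addToPool(ID, 1); // caller is this test contract, not LENDER
        vm.expectRevert(GuardedPools.Unauthorized.selector);
        lender.addToPool(ID, 0); // modifier order: Unauthorized wins over PoolConfig
    }
    function test_zeroAmountIsRejected() public {
        vm.prank(LENDER);
        vm.expectRevert(GuardedPools.PoolConfig.selector);
        lender.addToPool(ID, 0);
    }
    function test_lenderCanAdd() public {
        vm.prank(LENDER);
        lender.addToPool(ID, 7);
        (, uint256 balance) = lender.pools(ID);
        assertEq(balance, 7);
    }
}
```

Running the same three tests against each of the four functions listed above catches a guard that was dropped during the move.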
