Unnecessary `_diff` check in the `update()` function
Summary
In the Staking contract's update function, there's an unnecessary condition check where the contract verifies if _diff is greater than 0. This is redundant since _diff is calculated after validating that balance is less than _balance, meaning _diff will always be greater than zero.
Vulnerability Details
In the following code snippet of the update() function:
_diff is calculated as the difference between _balance and balance, after checking that balance is less than _balance. This means that _diff will always be greater than 0, and checking this condition is unnecessary and adds to the gas costs of the operation.
Impact
The impact of this issue is mostly related to efficiency rather than security. The unnecessary condition increases the gas cost of the update function, causing users to spend more than necessary on transaction fees. While this might be small for a single transaction, it could add up significantly over time and with many users.
Tools Used
This issue was identified through manual code review, using Solidity, the language in which the smart contract is written.
Recommend Mitigation
The recommended mitigation for this issue is to remove the condition _diff > 0. Given that _diff is always greater than zero due to the previous checks, this condition is redundant and removing it will make the function more gas-efficient.
By removing the unnecessary condition, gas cost can be reduced without affecting the functionality of the update function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.