Setter functions should have equality checks.
Summary
Multiple setter functions in the protocol do not include an equality check, this includes the function updateMaxLoanRatio in the Lender.sol contract that's used for updating the maximum loan ratio for a pool. However implementing an equality check first would curb unnecessary storage operations when the new value maximum loan ratio in this case is the same as the current one.
Vulnerability Details
This report only focuses on the instance within the updateMaxLoanRatio() function , which takes a poolId and a maxLoanRatio as arguments.
Now if the caller of the function is not the lender of the pool or if the maxLoanRatio is 0, the function reverts. Otherwise, it updates the maxLoanRatio of the pool and emits an event.
Impact
Unnecessary gas costs and data storage operations when the updateMaxLoanRatio function is called with a maxLoanRatio that is the same as the current one. Or whatever setter function is called with the same value. This impact may be somewhat minor but it's still an inefficiency that can be easily avoided.
Tools Used
Manual Audit.
Recommended Mitigation
To avoid unnecessary operations, a check could be added to the function to verify whether the new value is the same as the current one. If it is, the function could revert with an error message indicating that an attemot was made to set the value to it's present value
.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.