The remaining balance of tokens should be calculated manually instead of doing another balance check using the external ERC20 balanceOf() function.
There is no security issue or vulnerability here. However, to save users some gas when resolving the dispute, the following code should be changed to track the remaining tokens within the function scope instead of performing an additional call.
The following is the line from the 'forge test --gas-report' output:
Additional user gas is spent, which could be saved by simply calculating the remaining tokens on the fly.
VS Code
Foundry
Manually reading
Change the previously identified line to equal:
Upon changing, the gas report was generated from the tests:
From this, we can see that there is a gas saving to be had. In addition to the balanceOf change, the arbiter fee was cached for this function; however, the changes to gas were minimal because the variable is already immutable.
The tests continued to pass after this change, so at the time it did not appear to have any impact. Consideration was given to token precision; however, as the math simply uses subtraction, there should be no issue here. If this logic is changed to use multiplication or division with token amounts, precision issues could occur.
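A minimal sketch of the change described above, added here as an illustration and not taken from the audited contract. The contract, function, error and variable names are all assumptions, and dispute state handling is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: every name here is an assumption for illustration.
contract DisputeSketch {
    IERC20 private immutable i_token;
    address private immutable i_buyer;
    address private immutable i_seller;
    address private immutable i_arbiter;
    uint256 private immutable i_arbiterFee;

    error OnlyArbiter();
    error PayoutExceedsBalance(uint256 balance, uint256 totalOut);

    constructor(IERC20 token, address buyer, address seller, address arbiter, uint256 fee) {
        i_token = token; i_buyer = buyer; i_seller = seller;
        i_arbiter = arbiter; i_arbiterFee = fee;
    }

    // Pays buyer and arbiter; returns the balance that should be left for the seller.
    function _payAwardAndFee(uint256 buyerAward) private returns (uint256 expectedRemaining) {
        if (msg.sender != i_arbiter) revert OnlyArbiter();
        uint256 balance = i_token.balanceOf(address(this)); // the one balance read
        uint256 totalOut = buyerAward + i_arbiterFee;
        if (totalOut > balance) revert PayoutExceedsBalance(balance, totalOut);
        if (buyerAward > 0) require(i_token.transfer(i_buyer, buyerAward), "buyer transfer");
        if (i_arbiterFee > 0) require(i_token.transfer(i_arbiter, i_arbiterFee), "fee transfer");
        expectedRemaining = balance - totalOut; // cannot underflow: checked above
    }

    // Before: a second external balanceOf() call after the payouts.
    function resolveWithSecondBalanceCall(uint256 buyerAward) external {
        _payAwardAndFee(buyerAward);
        uint256 remaining = i_token.balanceOf(address(this));
        if (remaining > 0) require(i_token.transfer(i_seller, remaining), "seller transfer");
    }

    // After: the remainder comes from values already in scope.
    // Assumes a token whose balance moves only by the transferred amounts;
    // with fee-on-transfer or rebasing tokens the two variants can differ.
    function resolveWithLocalRemainder(uint256 buyerAward) external {
        uint256 remaining = _payAwardAndFee(buyerAward);
        if (remaining > 0) require(i_token.transfer(i_seller, remaining), "seller transfer");
    }
}
```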