Summary
In getAccountCollateralValue
the current implementation calls getUsdValue
even when the user has provided no collateral for the s_collateralDeposited
token.
The getUsdValue
will perform a call to the ChainLink oracle and calculate the price conversion, when the result will be anyway 0
because amount
is zero.
function getUsdValue(address token, uint256 amount) public view returns (uint256) {
AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
}
Vulnerability Details
See Summary
Impact
Gas is wasted when amount
is zero
Tools Used
Manual
Recommendations
The client could update the getAccountCollateralValue
to skip getUsdValue
call if amount == 0
function getAccountCollateralValue(address user) public view returns (uint256 totalCollateralValueInUsd) {
// loop through each collateral token, get the amount they have deposited, and map it to
// the price, to get the USD value
for (uint256 i = 0; i < s_collateralTokens.length; i++) {
address token = s_collateralTokens[i];
uint256 amount = s_collateralDeposited[user][token];
- totalCollateralValueInUsd += getUsdValue(token, amount);
+ if( amount != 0 ) {
+ totalCollateralValueInUsd += getUsdValue(token, amount);
+ }
}
return totalCollateralValueInUsd;
}