15,000 USDC
View results
Submission Details
Severity: gas

`getAccountCollateralValue` should avoid to execute `getUsdValue` when `amount == 0`

Summary

In getAccountCollateralValue the current implementation calls getUsdValue even when the user has provided no collateral for the s_collateralDeposited token.

The getUsdValue will perform a call to the ChainLink oracle and calculate the price conversion, when the result will be anyway 0 because amount is zero.

function getUsdValue(address token, uint256 amount) public view returns (uint256) {
AggregatorV3Interface priceFeed = AggregatorV3Interface(s_priceFeeds[token]);
(, int256 price,,,) = priceFeed.staleCheckLatestRoundData();
// 1 ETH = $1000
// The returned value from CL will be 1000 * 1e8
return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
}

Vulnerability Details

See Summary

Impact

Gas is wasted when amount is zero

Tools Used

Manual

Recommendations

The client could update the getAccountCollateralValue to skip getUsdValue call if amount == 0

function getAccountCollateralValue(address user) public view returns (uint256 totalCollateralValueInUsd) {
// loop through each collateral token, get the amount they have deposited, and map it to
// the price, to get the USD value
for (uint256 i = 0; i < s_collateralTokens.length; i++) {
address token = s_collateralTokens[i];
uint256 amount = s_collateralDeposited[user][token];
- totalCollateralValueInUsd += getUsdValue(token, amount);
+ if( amount != 0 ) {
+ totalCollateralValueInUsd += getUsdValue(token, amount);
+ }
}
return totalCollateralValueInUsd;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.