Summary
The `_burnDsc` function on `DSCEngine` can be simplified to avoid extra calls.
Vulnerability Details
Instead of doing a transfer and a burn, you can just use `burnFrom`.
Impact
Gas impact Overall gas change: -336291 (-2.229%)
testRevertsIfTokenLengthDoesntMatchPriceFeeds() (gas: -40 (-0.022%))
testRevertsIfMintFails() (gas: -36694 (-1.805%))
testRevertsIfTransferFromFails() (gas: -36694 (-1.876%))
testRevertsIfTransferFails() (gas: -36694 (-1.901%))
testMustImproveHealthFactorOnLiquidation() (gas: -81010 (-3.427%))
testUserStillHasSomeEthAfterLiquidation() (gas: -20737 (-4.160%))
testLiquidationPayoutIsCorrect() (gas: -20737 (-4.281%))
testLiquidatorTakesOnUsersDebt() (gas: -20737 (-4.289%))
testUserHasNoMoreDebt() (gas: -20737 (-4.290%))
testCanRedeemDepositedCollateral() (gas: -20737 (-8.240%))
testCanBurnDsc() (gas: -20737 (-8.739%))
testMustRedeemMoreThanZero() (gas: -20737 (-8.751%))
Overall gas change: -336291 (-2.229%)
Tools Used
Manual review
Recommendations
@@ -271,12 +271,7 @@ contract DSCEngine is ReentrancyGuard {
*/
function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
s_DSCMinted[onBehalfOf] -= amountDscToBurn;
- bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);
- // This conditional is hypothtically unreachable
- if (!success) {
- revert DSCEngine__TransferFailed();
- }
- i_dsc.burn(amountDscToBurn);
+ i_dsc.burnFrom(dscFrom, amountDscToBurn);
}
function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)
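Review bot: `i_dsc.burnFrom(dscFrom, amountDscToBurn)` in `_burnDsc` is not a like-for-like replacement for the removed `transferFrom` + `burn` pair, so this is more than a gas change. `burnFrom` is not defined anywhere in the hunk; if it is the inherited OpenZeppelin `ERC20Burnable` version, it spends `dscFrom`'s allowance to the engine and calls `_burn` directly, so whatever checks the token's own `burn` applies (access control, amount validation) would no longer run on this path. That needs confirming against the token contract. The engine-specific `DSCEngine__TransferFailed` revert also disappears, so failures now surface as the token's error, and tests such as `testRevertsIfTransferFromFails()` in the gas report may be reverting for a different reason than they were written to check. I would add a comment above the call, `// burnFrom spends dscFrom's allowance to this contract; reverts come from the token, not DSCEngine__TransferFailed`, and decide whether `burnFrom` on the token needs the same restriction as `burn`.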