Summary

Vulnerability Details

The smart contract uses the assert function for input validation in the liquidateSecondary function, which can lead to unnecessary gas consumption in case of failure. It's generally recommended to use require for input validation and external conditions, as it's more gas-efficient.

Impact

Tools Used

Manual

Recommendations

The assert() and require() functions are a part of the error handling aspect in Solidity. Solidity makes use of state-reverting error handling exceptions. This means all changes made to the contract on that call or any sub-calls are undone if an error is thrown. It also flags an error.

They are quite similar as both check for conditions and if they are not met, would throw an error.

The big difference between the two is that the assert() function when false, uses up all the remaining gas and reverts all the changes made.

Meanwhile, a require() function when false, also reverts back all the changes made to the contract but does refund all the remaining gas fees we offered to pay.