[L-02] Redundant Checks on Unsigned Integer Values in `ChainlinkARDOracle` contract
Summary:
The contract contains checks to determine if certain unsigned integer values are less than zero. Given the nature of unsigned integers (they can never be negative), these checks are redundant and can be safely removed to simplify the code and save on gas costs.
Vulnerability Details:
In the following functions:
addTokenMaxDelayaddTokenMaxDeviation
The contract checks if the values maxDelay and maxDeviation are less than zero using the conditions:
and
These checks are unnecessary since maxDelay and maxDeviation are of the uint256 type, which can never be negative.
Impact:
This does not pose a direct security risk but introduces unnecessary complexity to the code. It may confuse developers or auditors who later review the contract, thinking there might be some special reason for the check.
Tools Used:
Manual Review
Recommendations:
-
Removal of Redundant Checks: The checks for
maxDelayandmaxDeviationbeing less than zero can be safely removed from the contract.Before:
if (maxDelay < 0) revert Errors.TokenPriceFeedMaxDelayMustBeGreaterOrEqualToZero(); andif (maxDeviation < 0) revert Errors.TokenPriceFeedMaxDeviationMustBeGreaterOrEqualToZero();After:
// No need for the check, simply proceed with the function's logic.
Lead Judging Commences
INFO: Unnecessary maxDelay/maxDeviation check
Redundant check on maxDelay and/or maxDeviation in ARBOracle
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.