Unused return values in L1Vault.approveTo(address,uint256)
Summary
The return value of an external call is not stored in a local or state variable.
Vulnerability Details
L1Vault.approveTo(address,uint256) (src/L1Vault.sol#19-21) ignores return value by token.approve(target,amount) (src/L1Vault.sol#20)
Impact
Having unused return values in the code might lead to confusion for developers or auditors reviewing the code. It can be a source of misunderstanding about the intended behavior of the function.
If a function returns a value but the return value is not utilized or stored anywhere, it may result in additional gas costs. Unused return values consume gas, and not using them effectively incurs unnecessary expenses.
If the function is designed to return important information, ignoring the return value could lead to bugs or unintended consequences. Developers should ensure that return values are appropriately handled to prevent unexpected behavior.
In some cases, a function may return a value that is critical for security checks or decisions within the contract. Ignoring or mishandling this return value could introduce security vulnerabilities.
Tools Used
Manual code review
Recommendations
Ensure that all the return values of the function calls are used. If a function is designed to return a value, make sure that the return value is utilized somewhere in the contract. If it is not necessary, consider modifying the function to avoid returning unnecessary data.
Be mindful of gas costs associated with unused return values. If gas efficiency is a concern, it may be worth optimizing the code to reduce unnecessary gas consumption.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.