The contract SmartVaultV3 uses the burn function of the EUROs token without checking if the amount is zero, which can waste gas and bypass the _burn checks.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#172
However, the function does not check if the amount is zero or not before calling the burn function. This can cause two problems:
If the amount is zero, the burn function will still execute and consume gas, even though it does nothing. This is inefficient and wasteful for the user.
If the amount is zero, the burn function will skip the _burn checks that are supposed to ensure that the user has enough balance and that the account is not the zero address. This can potentially introduce bugs or security issues if the burn function is modified or extended in the future.
The impact of this vulnerability is low, as it does not affect the functionality or security of the contract in its current state. However, it can reduce the user experience and the code quality, as well as increase the risk of future errors or exploits.
Manual
To fix this vulnerability, we recommend adding a check for the amount before calling the burn function, such as:
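One way to write the recommended check, as an added sketch rather than the SmartVaultV3 source. The contract name, the token interface, the `minted` counter and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical minimal token interface; only the call this sketch needs.
interface IBurnableToken {
    function burn(address from, uint256 amount) external;
}

// Illustrative vault, not the SmartVaultV3 source.
contract VaultBurnSketch {
    IBurnableToken public immutable token; // stands in for the EUROs token
    uint256 public minted;                 // outstanding amount tracked by the vault

    error ZeroAmount();
    error ExceedsMinted(uint256 requested, uint256 outstanding);

    constructor(IBurnableToken _token, uint256 _minted) {
        token = _token;
        minted = _minted;
    }

    function burn(uint256 _amount) external {
        // Reject zero up front so the call reverts before any state write
        // or external call is made.
        if (_amount == 0) revert ZeroAmount();
        if (_amount > minted) revert ExceedsMinted(_amount, minted);

        minted -= _amount;               // effects first
        token.burn(msg.sender, _amount); // interaction last
    }
}
```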
This will prevent unnecessary gas consumption and the bypassing of the _burn checks when the amount is zero.