Tadle

Summary

The _updateTokenWhiteListed function in the smart contract emits an event every time it's called, regardless of whether the whitelist status of a token has actually changed.

Vulnerability Details

When _updateTokenWhitelist function is called, event is emitted for every token processed, even if its whitelist status remains the same.

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L197C3-L223C6

The function should only emit an event when the whitelist status of a token actually changes.

Steps to Reproduce:

1. Call updateTokenWhiteListed with a token address that is already in the desired whitelist state.

2. Observe that an event is emitted even though no state change occurred.

Impact

Increased gas costs and unnecessary event emissions.

Tools Used

Recommendations

Modify the _updateTokenWhiteListed function to check if the new status is different from the current status before updating and emitting the event. For example:

function _updateTokenWhiteListed(address _token, bool _isWhiteListed) internal {
if (tokenWhiteListed[_token] != _isWhiteListed) {
tokenWhiteListed[_token] = _isWhiteListed;
emit UpdateTokenWhiteListed(_token, _isWhiteListed);
}
}