Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unused Variable

fuzail

Github
https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/core/lstRewardsSplitter/LSTRewardsSplitterController.sol

Summary

The LSTRewardsSplitterController contract declares an internal variable address[] internal accounts, which is never used in any meaningful way throughout the contract. This introduces inefficiencies and potential confusion in the contract logic. While the variable is declared with the intent to manage accounts that have splitters, it lacks any operational impact within the contract’s current implementation.

Vulnerability Details

In the contract, the variable address[] internal accounts is defined, but its only interaction is within the addSplitter and removeSplitter functions, where accounts are pushed to the array and removed. However, this array is never used in critical operations such as reward splitting or splitter management logic.

Example of the unused variable:

address[] internal accounts;

Its usage is primarily to track splitters but it is never referenced elsewhere, making its purpose unclear. As a result, storing accounts in the array serves no practical purpose within the context of the contract.

Impact

The presence of an unused variable in a smart contract, especially one stored in storage, introduces multiple issues:

Gas Inefficiency:
- The contract allocates gas to store and manage the accounts array without it serving any real purpose. Every time a new splitter is added or removed, gas is consumed for updating the storage, which leads to unnecessary gas costs.
Potential Confusion:
- Unused variables introduce confusion for developers and auditors, making it more difficult to understand the contract's logic. This can lead to misunderstandings or missed bugs if developers incorrectly assume the variable is functional.
Code Readability and Maintenance:
- Declaring and maintaining unused variables reduces code readability and maintainability. Future updates or bug fixes could be more challenging as developers may assume the variable plays an essential role in the contract’s logic.

Tools Used

Manual Code Review

Recommendations

If the accounts array is meant to track splitters, it should be used in functions where it plays a critical role. For example, the array could be used to iterate over active splitters or manage rewards for specific accounts.

In addition, replacing the accounts array with a more efficient data structure such as a mapping could make the logic more robust and gas-efficient.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.