Description: 'SablierFlow::depositViaBroker' calculates the broker fee and updates the snapshot debt. However, the broker fee can be pre-calculated off-chain by the broker, as it is simply the amount the broker wants to keep from their deposit. This creates unnecessary computation that increases both contract deployment costs and gas costs when calling 'depositViaBroker'. The broker can instead deposit via 'SablierFlow::deposit' and avoid the extra gas, since 'deposit' neither calculates a broker fee nor transfers fees to the broker.
depositViaBroker() SablierFlow.sol line 295
_depositViaBroker() SablierFlow.sol line 648
Impact: The broker pays more gas to deposit via 'depositViaBroker' than it would by calculating off-chain the amount it wants to keep and then calling the 'SablierFlow::deposit' function. The protocol spends more gas to deploy the contract if 'depositViaBroker' is used.
Proof of Concept:
'SablierFlow::depositViaBroker' calls 'Helpers::checkAndCalculateBrokerFee' to calculate the broker fee.
'SablierFlow::_deposit' is called and deposits amount into the stream.
The broker fee is transferred to the broker.
The broker spends more gas than if it had calculated off-chain the amount it wants to keep and called 'SablierFlow::deposit'.
Recommended Mitigation:
Remove the 'SablierFlow::_depositViaBroker' and 'SablierFlow::depositViaBroker' functions and update the documentation to reflect that the broker fee can be pre-calculated off-chain by the broker, or that the broker can decide on a fixed amount to deposit.