Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Gas Optimization in withdraw() Function (applicable to _refundERC20() and _refundETH())

anis

Summary

The withdraw() function performs token transfers without checking whether the contract has a non-zero balance of each token. This leads to unnecessary gas consumption when the contract’s balance is zero for a specific token.

Vulnerability Details

  • In the current implementation, the contract calls the safeTransfer function for each token (WETH, WBTC, USDC) regardless of whether the contract holds a balance of the token.

  • This leads to unnecessary gas costs when the balance of a token is zero.

Impact

  • Unnecessary gas consumption due to attempting token transfers even when the contract’s balance is zero.

  • Increased transaction costs for the host.

Tools Used

  • Manual code review

Recommendations

To optimize gas usage, check the token balance before calling the safeTransfer function. This will ensure that transfers are only executed when the contract has a non-zero balance of the token.

function withdraw() external onlyHost {
address _host = getHost();
uint256 wethBalance = i_WETH.balanceOf(address(this));
if (wethBalance > 0) {
i_WETH.safeTransfer(_host, wethBalance);
}
uint256 wbtcBalance = i_WBTC.balanceOf(address(this));
if (wbtcBalance > 0) {
i_WBTC.safeTransfer(_host, wbtcBalance);
}
uint256 usdcBalance = i_USDC.balanceOf(address(this));
if (usdcBalance > 0) {
i_USDC.safeTransfer(_host, usdcBalance);
}
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!