Missing Validation for setting approvedPoolActions in `setApprovedActionsForPool` Function. Causes GAS Wastage and meaningless event emissions.
Summary
In the UpdateWeightRunner contract, the setApprovedActionsForPool function allows the admin to set the actions a pool is approved for. However, the function lacks a critical validation to check whether the actions have already been set or not. This oversight can lead to the emission of meaningless events, unnecessary gas consumption, and bad coding practices that could harm the protocol's efficiency.
Vulnerability Details
Code Analysis
Current Implementation of setApprovedActionsForPool
Observations
-
Missing Validation for pool actions:
The function does not verify whether the pool actions have already been set or not. This results in unnecessary state updates and event emissions. -
Gas Inefficiency:
Without the validation, the function performs redundant operations that waste gas, especially when the function call is unnecessary. -
Meaningless Event Emissions:
If the pool actions have already been set, the emitted eventSetApprovedActionsForPooldoes not hold any meaningful value. This pollutes blockchain logs and adds to storage bloat.
Impact
-
Increased Gas Costs:
The admin pays unnecessary gas fees for redundant calls due to the missing validation. -
Blockchain Log Pollution:
Emitting meaningless events unnecessarily populates the blockchain with inefficient logs, making it harder to query and manage event data. -
Inefficient Code Design:
The missing validation reflects poor coding practices, reducing the overall maintainability and reliability of the protocol. -
Negative User Experience:
Admins may unintentionally execute redundant calls without realizing their impact, leading to frustration and inefficiencies.
Tools Used
Manual Review
Recommendations
Proposed Fix
The setApprovedActionsForPool function should include a validation to check if the pool actions are already set. This ensures that only meaningful state changes occur, reducing gas waste and maintaining the integrity of the blockchain logs.
Updated setApprovedActionsForPool Function
Benefits of the Fix
-
Gas Optimization:
Prevents unnecessary gas consumption by ensuring state changes and events are only executed when required. -
Accurate Event Emissions:
Ensures that theSetApprovedActionsForPoolevent is emitted only for valid calls, maintaining the meaningfulness of the blockchain logs. -
Improved Code Quality:
Adheres to Solidity best practices, making the code more maintainable and robust. -
Better User Experience:
Admins can avoid unintentional redundant calls, improving efficiency and reducing frustration.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.