[G-3] Redundant ownership check in `SoulboundProfileNFT::burnProfile` wastes gas
Description: In SoulboundProfileNFT.sol, the burnProfile function performs two checks that verify the same condition. The second check ownerOf(tokenId) == msg.sender is redundant because the profileToToken mapping already ensures ownership.
This is redundant because:
profileToToken[msg.sender]only contains tokens that belong to their respective ownersIf a user has a token in this mapping, they are definitely the owner
There's no way for a token to exist in
profileToTokenmapping with a different owner
Impact:
Unnecessary
ownerOfcall costs extra gasEvery profile burn operation costs more gas than necessary
Proof of Concept:
The following scenarios all lead to the same result with or without the second check:
If user has no profile: First require fails
If user has profile: First require passes and ownership is already guaranteed
If token exists but user isn't owner: Impossible scenario due to
profileToTokenmapping design
Recommended Mitigation: Remove the redundant ownership check:
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.