Submission Details
Severity:
Redundant State Update Calls in `StabilityPool::deposit` Function Leading to Gas Inefficiency
Summary
The deposit function in the StabilityPool contract contains redundant state update calls through both _update() and _mintRAACRewards() functions, which perform the same operations, leading to unnecessary gas consumption.
Vulnerability Details
function deposit(uint256 amount) external nonReentrant whenNotPaused validAmount(amount) {
_update(); <==@found
rToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 deCRVUSDAmount = calculateDeCRVUSDAmount(amount);
deToken.mint(msg.sender, deCRVUSDAmount);
userDeposits[msg.sender] += amount;
_mintRAACRewards(); <==@found
emit Deposit(msg.sender, amount, deCRVUSDAmount);
}
Impact
Unnecessary gas consumption
Reduced contract efficiency
Tools Used
Manual Review
Recommendations
Remove one of the redundant calls, preferably keep _mintRAACRewards() as it's more descriptive:
function deposit(uint256 amount) external nonReentrant whenNotPaused validAmount(amount) {
- _update();
rToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 deCRVUSDAmount = calculateDeCRVUSDAmount(amount);
deToken.mint(msg.sender, deCRVUSDAmount);
userDeposits[msg.sender] += amount;
_mintRAACRewards();
emit Deposit(msg.sender, amount, deCRVUSDAmount);
}
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.