The contract maintains a mapping of allowed sell tokens. Tokens must be explicitly permitted by the owner before they can be used.
The `_isAllowed` parameter is redundant, as Solidity mappings default to `false` for unset keys. Thus, there's no need to explicitly set a token to `false` to disallow it.
File | Function | Lines | Note |
---|---|---|---|
./src/OrderBook.sol | getOrderDetailsString | L273–L280 | |
Likelihood:
This occurs whenever the owner attempts to disallow a token that is already unset (implicitly `false`).
It can also occur during routine maintenance when updating the allow list.
Impact:
Increased Gas Costs: Unnecessary storage writes (setting to `false` when already `false`) waste gas (~20,000 gas per write).
Code Clarity: Creates potential confusion about the need to explicitly disallow tokens.
Redundant Logic: Adds complexity and storage operations that are not functionally needed.
Simplify the Function Signature
Remove the `_isAllowed` parameter and only handle explicit allowances:
Handle Disallowing (Optional)
To disallow a token explicitly (if needed), either:
Create a separate `disallowSellToken` function, or
Rely on the default behavior where unset tokens are already considered disallowed.
Update Usage
Refactor all internal and external usages to adopt the new `allowSellToken` pattern.
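A sketch of the refactor described above, as an added example that is not the OrderBook.sol code: the contract name, the mapping name, the events and the errors are assumptions. `disallowSellToken` is kept only to revoke a token that was allowed earlier, and it rejects a token that is already unset so no false-over-false write happens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited OrderBook.sol. The contract name, the
// mapping name, the errors and the events are hypothetical.
contract SellTokenAllowList {
    address public immutable owner;

    // Unset keys read as false, so a token that was never allowed is
    // already disallowed without any storage write.
    mapping(address => bool) public allowedSellToken;

    event SellTokenAllowed(address indexed token);
    event SellTokenDisallowed(address indexed token);

    error NotOwner();
    error ZeroAddress();
    error AlreadyAllowed(address token);
    error NotAllowed(address token);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Takes the place of a setter carrying an _isAllowed flag: one purpose,
    // no boolean argument to get wrong.
    function allowSellToken(address token) external onlyOwner {
        if (token == address(0)) revert ZeroAddress();
        if (allowedSellToken[token]) revert AlreadyAllowed(token);
        allowedSellToken[token] = true;
        emit SellTokenAllowed(token);
    }

    // Only needed to revoke a token that was allowed earlier; that case still
    // requires a storage write. Rejecting an unset token avoids the redundant
    // false-over-false write.
    function disallowSellToken(address token) external onlyOwner {
        if (!allowedSellToken[token]) revert NotAllowed(token);
        delete allowedSellToken[token];
        emit SellTokenDisallowed(token);
    }
}
```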