NFT Dealers

First Flight #58
Beginner Friendly, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: high

Redundant Self-Transfer of USDC in collectUsdcFromSelling()

Author Revealed upon completion

The contract sends funds to itself, which wastes gas.

Description

  • The contract already holds the funds, so there is no need to send them again.

  • The contract sends the funds to itself every time the collectUsdcFromSelling() function is called.

    function collectUsdcFromSelling(uint256 _listingId) external onlySeller(_listingId) {
        Listing memory listing = s_listings[_listingId];
        require(!listing.isActive, "Listing must be inactive to collect USDC");
        uint256 fees = _calculateFees(listing.price);
        uint256 amountToSeller = listing.price - fees;
        uint256 collateralToReturn = collateralForMinting[listing.tokenId];
        totalFeesCollected += fees;
        amountToSeller += collateralToReturn;
        // @> @audit-issue: useless self-transfer, the money is already in the contract
        usdc.safeTransfer(address(this), fees);
        usdc.safeTransfer(msg.sender, amountToSeller);
    }

Risk

Likelihood:

  • Reason 1: This line is executed every time collectUsdcFromSelling() is called.

  • Reason 2: No special conditions are required — it’s part of the normal flow.

Impact:

  • Impact 1: Unnecessary gas consumption on every execution of the function.

  • Impact 2: Misleading accounting logic — suggests fees are being “collected” while they are already included in the contract balance, which can confuse auditors and developers.

Proof of Concept
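
As an added illustration (not part of the original submission or the NFT Dealers code base), the Foundry test below shows that an ERC-20 self-transfer leaves the holder's balance unchanged while still costing gas. `MockUSDC` and `Holder` are constructed stand-ins that assume standard ERC-20 transfer semantics.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed minimal token standing in for USDC (assumption: standard ERC-20 transfer semantics).
contract MockUSDC {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical holder that reproduces only the self-transfer line from collectUsdcFromSelling().
contract Holder {
    MockUSDC public immutable usdc;

    constructor(MockUSDC _usdc) {
        usdc = _usdc;
    }

    function selfTransfer(uint256 fees) external {
        usdc.transfer(address(this), fees); // sender and recipient are the same account
    }
}

contract SelfTransferTest is Test {
    function test_selfTransferIsBalanceNoOp() public {
        MockUSDC usdc = new MockUSDC();
        Holder holder = new Holder(usdc);
        usdc.mint(address(holder), 1000e6); // constructed starting balance

        uint256 gasBefore = gasleft();
        holder.selfTransfer(10e6);
        uint256 gasSpent = gasBefore - gasleft();

        assertEq(usdc.balanceOf(address(holder)), 1000e6); // balance is unchanged
        assertGt(gasSpent, 0); // the call still consumed gas
    }
}
```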

Recommended Mitigation

- usdc.safeTransfer(address(this), fees);
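Review bot: the removal is shown as a single deleted line with no surrounding context, so the mitigation should name collectUsdcFromSelling() as the function it applies to and say that `totalFeesCollected += fees;` stays in place. With the self-transfer gone, that counter is the only record of the fees, which remain in the contract balance.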
