NFT Dealers
First Flight #58
Beginner FriendlyFoundry
100 EXP
View all submissions
Previous Next
Submission Details
Impact: medium
Likelihood: medium

Unnecessary Self-Transfer Causing Gas Waste and Potential Reversion

Author Revealed upon completion

Root + Impact

Description

  • In the collectUsdcFromSelling function, the contract unnecessarily transfers fees to itself using usdc.safeTransfer(address(this), fees). Since the USDC is already in the contract from the buy function, this self-transfer wastes gas and could potentially cause unexpected reverts if the USDC token implementation doesn't handle self-transfers properly.

function collectUsdcFromSelling(uint256 _listingId) external onlySeller(_listingId) {
Listing memory listing = s_listings[_listingId];
require(!listing.isActive, "Listing must be inactive to collect USDC");
uint256 fees = _calculateFees(listing.price);
uint256 amountToSeller = listing.price - fees;
uint256 collateralToReturn = collateralForMinting[listing.tokenId];
totalFeesCollected += fees;
amountToSeller += collateralToReturn;
usdc.safeTransfer(address(this), fees); // @ self transfer
usdc.safeTransfer(msg.sender, amountToSeller);
}

Risk

Impact

  • This causes unnecessary gas consumption and could lead to transaction failures if the USDC implementation reverts on self-transfers.

Proof of Concept

no need

Recommended Mitigation

function collectUsdcFromSelling(uint256 _listingId) external onlySeller(_listingId) {
Listing memory listing = s_listings[_listingId];
require(!listing.isActive, "Listing must be inactive to collect USDC");
uint256 fees = _calculateFees(listing.price);
uint256 amountToSeller = listing.price - fees;
uint256 collateralToReturn = collateralForMinting[listing.tokenId];
totalFeesCollected += fees;
amountToSeller += collateralToReturn;
- usdc.safeTransfer(address(this), fees); // @ self transfer
usdc.safeTransfer(msg.sender, amountToSeller);
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!