NestedReserve: Redundant valid token address checks #123
Labels
bug
Something isn't working
G (Gas Optimization)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
GreyArt
Vulnerability details
Impact
The
transferFromFactory()
function is missing thevalid(address(_token))
modifier that is present in thetransfer()
andwithdraw()
functions.It is in our opinion that these sanity checks on the token address are redundant, because the transaction will revert anyway in the SafeERC20 library.
Recommended Mitigation Steps
Either add in the modifier check for the
transferFromFactory()
function. Alternatively, remove them from all the functions as a gas optimization.The text was updated successfully, but these errors were encountered: