Assessment reports>Reserve Throttle Wallet>Low findings>The ,lastWithdrawalAt, is not initialized in ,constructor
Category: Coding Mistakes

The lastWithdrawalAt is not initialized in constructor

Low Severity
Low Impact
Low Likelihood

Description

The lastWithdrawalAt variable is used in the availableToWithdraw function with its default value of zero.

During the first call to the initiateWithdrawal function, the availableToWithdraw function will be invoked, and at that point, the lastWithdrawalAt variable will still have its default value of zero. This may not be the intended behavior and could result in incorrect calculations.

function availableToWithdraw() public view returns (uint256) {
       uint256 timeSinceLastWithdrawal = block.timestamp - lastWithdrawalAt;
       ...
   }

Impact

In the current design, lastWithdrawalAt is initially assigned a default value of zero. Consequently, the initial timeSinceLastWithdrawal value will effectively be the time from timestamp 0 until the current block timestamp. This could lead to an unexpectedly high value and possibly cause incorrect calculations or inconsistencies with expectations of how the contract should ideally operate.

Recommendations

Initialize the lastWithdrawalAt variable in the constructor function, setting it equal to the current block's timestamp (block.timestamp). This will ensure that the variable does not start at zero.

Remediation

Reserve states that this is done intentionally to start the throttle at max instead of zero.

Zellic © 2023Back to top ↑