Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>SSI Protocol>Discussion>Redundant checks
GeneralOverview
Findings
Medium (3)
Low (4)
DiscussionTest suiteCustom errors could save gasRedundant checksNo storage gap for upgradable contractsCentralization risk
Threat ModelWhat are threat models?AssetFactory.solAssetFeeManager.solAssetIssuer.solAssetLocking.solAssetRebalancer.solAssetToken.solStakeFactory.solStakeToken.solSwap.solUSSI.sol
Audit ResultsAssessment Results

Redundant checks

The contract implements some unnecessary checks. For example, before the calls to the safeTransferFrom function, the following checks are implemented at seven different places:

require(IERC20(token).allowance(msg.sender, address(this)) >= amount, "not enough allowance")

However, the OpenZeppelin implementation of safeTransferFrom also implements this check internally.

Each of those checks consume gas since the revert string has to be stored on chain.

There are also redundant checks regarding the order validation. The addSwapRequest function validates the order by calling checkOrderInfo:

function addSwapRequest(OrderInfo memory orderInfo, bool inByContract, bool outByContract) external onlyRole(TAKER_ROLE) whenNotPaused {
        uint code = checkOrderInfo(orderInfo);
        require(code == 0, "order not valid");

However, this function is called by the functions addRedeemRequest, addRebalanceRequest, addMintRequest, and addBurnFeeRequest, which all also call checkOrderInfo before calling addSwapRequest.

Removing those checks but still ensuring that the contract behaves as intended by comprehensive testing would save some gas.

Zellic © 2025Back to top ↑