#42127 [SC-Insight] Redundant Fee Calculation in addYeetback() function

Submitted on Mar 21st 2025 at 02:59:35 UTC by @Oxblackadam for Audit Comp | Yeet

Report ID: #42127
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/Yeetback.sol
Impacts:

Description

Brief/Intro

The restart function in the Yeet contract and the addYeetback function in the Yeetback contract both calculate the entropy fee, resulting in redundant operations and unnecessary gas consumption.

Vulnerability Details

In the restart function, yeetback.getEntropyFee() is called to get the fee and also verify that sufficient ETH is provided to cover the entropy fee. Later, when calling yeetback.addYeetback, the fee is passed along with the potToYeetback amount. Inside the addYeetback function, getEntropyFee() is called again before using the fee to request entropy. This double calculation is unnecessary and consumes additional gas. The fee calculation should be performed once and then reused.

code Yeet.sol

function restart(bytes32 userRandomNumber) external payable whenNotPaused {
    if (userRandomNumber == bytes32(0)) {
        revert InvalidRandomNumber();
    }

    if (!isRoundFinished()) {
        revert RoundStillLive(roundNumber);
    }

    if (!hasCooldownEnded()) {
        revert CooldownNotEnded(block.timestamp, endOfYeetTime + COOLDOWN_TIME);
    }

    emit RoundWinner(lastYeeted, block.timestamp, potToWinner, roundNumber, nrOfYeets);

    uint256 fee = yeetback.getEntropyFee();
    if (msg.value < fee) {
        revert NotEnoughValueToPayEntropyFee(msg.value, fee);
    }
    uint256 remaining = msg.value - fee;

    if (potToYeetback > 0) {
        yeetback.addYeetback{value: fee + potToYeetback}(userRandomNumber, roundNumber, potToYeetback);
    }

    winnings[lastYeeted] += potToWinner;

    _roundWinners[roundNumber] = Winner(lastYeeted, block.timestamp, potToWinner, roundNumber);

    copySettings();
    roundNumber += 1;
    potToYeetback = 0;
    potToWinner = 0;
    nrOfYeets = 0;
    lastYeeted = address(0);
    lastYeetedAt = 0;
    yeetTimeInSeconds = YEET_TIME_SECONDS;
    endOfYeetTime = block.timestamp + yeetTimeInSeconds + BOOSTRAP_PHASE_DURATION;
    roundStartTime = block.timestamp;

    if (remaining > 0) {
        (bool success,) = payable(msg.sender).call{value: remaining}("");
        require(success, "Transfer failed, cant return remaining value to sender");
    }

    emit RoundStarted(
        roundNumber,
        roundStartTime,
        YEET_TIME_SECONDS,
        POT_DIVISION,
        TAX_PER_YEET,
        TAX_TO_STAKERS,
        TAX_TO_PUBLIC_GOODS,
        TAX_TO_TREASURY,
        YEETBACK_PERCENTAGE,
        COOLDOWN_TIME
    );
}

Since amount (potToYeetback) is passed along with the addYeetback function argument. here

            yeetback.addYeetback{value: fee + potToYeetback}(userRandomNumber, roundNumber, potToYeetback);

In the addYeetback function, the fee can be computed as msg.value - amount (no redundant call) instead of getEntropyFee, saving the caller some gas

code Yeetback.sol

    function addYeetback(bytes32 userRandomNumber, uint256 round, uint256 amount) public payable onlyOwner {
        require(userRandomNumber != bytes32(0), "Invalid number");
        require(round != 0, "Invalid round");
        require(amount != 0, "Invalid amount");
        potForRound[round] = amount;

        uint256 fee = getEntropyFee();
        uint64 sequenceNumber = entropy.requestWithCallback{value: fee}(entropyProvider, userRandomNumber);
        sequenceToRound[sequenceNumber] = round;
        emit RandomNumberRequested(sequenceNumber);
        emit YeetbackAdded(round, amount);
    }

Impact Details

This inefficiency increases the gas cost for users who call the restart function. While not a security vulnerability, it represents a suboptimal implementation that costs users additional gas.

References

Add any relevant links to documentation or code

Proof of Concept

In yeet.test.sol, under the Yeet_Claim contract, Copy and paste the following test and run it:

forge test --mt test_gas_Usage -vvvv

function test_gas_Usage() public {
        yeet.yeet{value: 1 ether}();

        skip(2 hours);
        bytes32 randomNumber = 0x3b67d060cb9b8abcf5d29e15600b152af66a881e8867446e798f5752845be90d;

        uint128 fee = yeet.yeetback().getEntropyFee();

        uint256 startGas = gasleft();
        yeet.restart{value: fee}(randomNumber);
        uint256 endGas = gasleft();

        console.log("Gas used for restart:", startGas - endGas);
}

Results:

├─ [0] console::log("Gas used for restart:", 239126 [2.391e5]) [staticcall]

The original restart function cost 239,126 gas.

Now, edit the addYeetback function in Yeetback.sol, replacing:

uint256 fee = getEntropyFee();  // redundant call

with:

uint256 fee = msg.value - amount;

and ran the test again.

New results:

├─ [0] console::log("Gas used for restart:", 238149 [2.381e5]) [staticcall]

The modified restart function now costs 238,149 gas, saving 977 gas.

Previous#42123 [SC-Critical] Insufficient Token Reservation in `startUnstake` Leads to Permanent Freezing of Vested Funds Next#42152 [SC-Critical] `StakeV2::accumulatedDeptRewardsYeet` fails to account for pending vesting withdrawals which could cause contract insolvency

Was this helpful?

hashtagDescription

hashtagBrief/Intro

hashtagVulnerability Details

hashtagcode Yeet.sol

hashtagcode Yeetback.sol

hashtagImpact Details

hashtagReferences

hashtagProof of Concept

hashtagProof of Concept

Description

Brief/Intro

Vulnerability Details

code Yeet.sol

code Yeetback.sol

Impact Details

References

Proof of Concept

Proof of Concept