The iszero(x) instruction is more gas efficient than x == 0

Severity

Which severity would you assign to this Issue?

• Gas Optimization
• Non-Critical
• Low Risk
• Med Risk
• High Risk

Description

With the use of the EVM dialect (=Yul), zero checking can be made more efficient via inline assembly.

Example

🤦 Bad:

/// @dev Consumes ~21812 gas on average.
function foo(uint256 x) external pure returns (bool result) {
    return x == 0;
}

🚀 Good:

/// @dev Consumes ~21787 gas on average.
function bar(uint256 x) external pure returns (bool result) {
    assembly {
        result := iszero(x)
    }
}

Background Information

• https://twitter.com/PaulRBerg/status/1521094594833915904

As per this SO answer, the "external is cheaper than public" mantra seems to be wrong.

However, this is only the case for versions >=0.6.9. Adjust the issue description to reflect this.

Remove or adjust: G006 - immutable for OpenZeppelin AccessControl's Roles Declarations

Since Solidity version 0.6.12 the keccak256 of string literals are treated specially and the hash is evaluated at compile time. It's not even necessary to have optimizations enabled.

Severity

Which severity would you assign to this Issue?

• Gas Optimization
• Non-Critical
• Low Risk
• Med Risk
• High Risk

++i is more gas efficient than i++ or i += x (if x = 1)

Severity

Which severity would you assign to this Issue?

• Gas Optimization
• Non-Critical
• Low Risk
• Med Risk
• High Risk

Description

writing a value to a slot that doesn’t have one will be more expensive than writing to one that does.
when incrementing an integer, ++i (return old value, then add 1) is cheaper than i++ (add 1, then return new value)

Example

🤦 Bad:

/// @dev Consumes ~21586 gas on average.
function war() external pure returns (uint256 result) {
         uint i = 1;
        result += i;
    }

or

/// @dev Consumes ~21557 gas on average.
function bar() external pure returns (uint256 result) {
     result ++;
    }

🚀 Good:

 /// @dev Consumes ~21530 gas on average. 
function foo() external pure returns (uint256 result) {
        ++ result;
    }

Background Information

https://m1guelpf.blog/d0gBiaUn48Odg8G2rhs3xLIjaL8MfrWReFkjg8TmDoM

Hidden unbounded loop in function call due to storage to memory copy

Severity

Which severity would you assign to this Issue?

• Gas Optimization
• Non-Critical
• Low Risk
• Med Risk
• High Risk

Description

See https://twitter.com/danielvf/status/1519381832592199681.

Example

If applicable, provide a small example. If not, delete this section.

🤦 Bad:

unit[] public array;

function _requireLength(unit[] memory _array) internal pure {
    // The memory keyword leads to SLOADing the entire array into memory, i.e. creates hidden, unbounded loop.
    require(_array.length > 0, "Empty array");
}

🚀 Good:

unit[] public array;

function _requireLength(unit[] storage _array) internal pure {
    // No hidden loop.
    require(_array.length > 0, "Empty array");
}

Background Information

See https://twitter.com/danielvf/status/1519381832592199681.

Code4Rena Report/Issue Link

TODO: Not found yet

Missing check whether contract exists before using solmate's SafeTransferLib

Severity

Which severity would you assign to this Issue?

• Gas Optimization
• Non-Critical
• Low Risk
• Med Risk
• High Risk

Description

solmate's SafeTransferLib states in the contract docs that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller.

A call to an address with no code will be a no-op since low-level calls to non-contracts always return success.

Consider verifying whether a contract, i.e. token, exists before using any SafeTransferLib functions:

require(token.code.length != 0, "Contract does not exist");

Example

🤦 Bad:

// Note that this function is for demonstration purposes only and should not be used as is.
function fetchTokens(address token, address from, uint amount) {
    ERC20(token).safeTransferFrom(from, amount);
}

🚀 Good:

// Note that this function is for demonstration purposes only and should not be used as is.
function fetchToken(address token, address from, uint amount) {
    require(token.code.length != 0, "Contract does not exist");
    ERC20(token).safeTransferFrom(from, amount);
}

Background Information

• solmate's SafeTransferLib

Code4Rena Report/Issue Link

• First point in c4's backed QA report