
c4-common-issues's Issues

Remove or adjust G006

Remove or adjust: G006 - immutable for OpenZeppelin AccessControl's Roles Declarations

Since Solidity version 0.6.12 the keccak256 of a string literal is treated specially and the hash is evaluated at compile time. It's not even necessary to have optimizations enabled.

Severity

Which severity would you assign to this Issue?

  • Gas Optimization
  • Non-Critical
  • Low Risk
  • Med Risk
  • High Risk
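To show what the issue argues for in working code, here is an added example (not code from the c4-common-issues repository or from OpenZeppelin). It assumes OpenZeppelin's AccessControl is importable under the usual `@openzeppelin/contracts` path and a release in which `_grantRole` is an internal function; the contract name, role name and `admin` parameter are made up for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the c4-common-issues repo or from OpenZeppelin.
// Assumes @openzeppelin/contracts is available and _grantRole is internal.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

contract Minter is AccessControl {
    // keccak256 of a string literal is folded by the compiler since 0.6.12
    // (no optimizer needed), so a `constant` role id is a plain 32-byte
    // value inlined wherever it is used: no runtime hashing, no storage read.
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    // The pattern G006 recommends against: marking the same fixed hash as
    // `immutable` gains nothing, because the value does not depend on any
    // constructor input, and it costs an extra constructor write plus an
    // immutable-substitution slot in the deployed bytecode.
    // bytes32 public immutable MINTER_ROLE_IMMUTABLE; // not needed here

    uint256 public minted;

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    // Role-gated function; MINTER_ROLE is compared as an inlined constant.
    function mint(uint256 amount) external onlyRole(MINTER_ROLE) {
        minted += amount;
    }
}
```

The only case where `immutable` is the right choice for a role id is when the role name itself is supplied to the constructor; for a fixed literal, `constant` is both cheaper and clearer.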

Hidden unbounded loop in function call due to storage to memory copy


Severity

Which severity would you assign to this Issue?

  • Gas Optimization
  • Non-Critical
  • Low Risk
  • Med Risk
  • High Risk

Description

See https://twitter.com/danielvf/status/1519381832592199681.

Example

If applicable, provide a small example. If not, delete this section.

🤦 Bad:

uint[] public array;

function _requireLength(uint[] memory _array) internal pure {
    // The memory keyword leads to SLOADing the entire array into memory, i.e. creates a hidden, unbounded loop.
    require(_array.length > 0, "Empty array");
}

🚀 Good:

uint[] public array;

// Reading a storage pointer's length touches state, so the function must be `view`, not `pure`.
function _requireLength(uint[] storage _array) internal view {
    // No hidden loop.
    require(_array.length > 0, "Empty array");
}

Background Information

See https://twitter.com/danielvf/status/1519381832592199681.

Code4Rena Report/Issue Link

TODO: Not found yet
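The following is an added example (not the issue author's code) that makes the hidden copy measurable: the same storage array is passed once to a `memory` parameter and once to a `storage` parameter, and the gas consumed by each call is returned via `gasleft()` deltas. The contract and function names are invented for the illustration; the deltas include call overhead, so only their relative growth with array size matters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the c4-common-issues repo.
contract HiddenLoopDemo {
    uint256[] public array;

    // Growth of the array is not bounded by the contract; after enough pushes
    // the memory variant below becomes too expensive to execute in a block.
    function push(uint256 n) external {
        for (uint256 i; i < n; ) {
            array.push(i);
            unchecked { ++i; }
        }
    }

    // Passing a storage array to a `memory` parameter copies every element
    // (one SLOAD per slot) before the function body runs, just to read
    // `.length`; the cost grows linearly with array.length.
    function _requireLengthMemory(uint256[] memory _array) internal pure {
        require(_array.length > 0, "Empty array");
    }

    // A `storage` parameter is a pointer: only the length slot is read,
    // so the cost is constant regardless of array size.
    function _requireLengthStorage(uint256[] storage _array) internal view {
        require(_array.length > 0, "Empty array");
    }

    // Returns the gas consumed by each variant so the difference can be
    // observed from a test or an eth_call.
    function compare() external view returns (uint256 gasMemory, uint256 gasStorage) {
        uint256 start = gasleft();
        _requireLengthMemory(array);
        gasMemory = start - gasleft();

        start = gasleft();
        _requireLengthStorage(array);
        gasStorage = start - gasleft();
    }
}
```

Calling `push(1)` and then `compare()` shows two small numbers; calling `push(1000)` first makes `gasMemory` several hundred thousand gas while `gasStorage` stays unchanged, which is the "hidden unbounded loop" the issue describes.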

Missing check whether contract exists before using `solmate`'s `SafeTransferLib`


Severity

Which severity would you assign to this Issue?

  • Gas Optimization
  • Non-Critical
  • Low Risk
  • Med Risk
  • High Risk

Description

solmate's SafeTransferLib states in the contract docs that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller.

A call to an address with no code will be a no-op since low-level calls to non-contracts always return success.

Consider verifying whether a contract, i.e. token, exists before using any SafeTransferLib functions:

require(token.code.length != 0, "Contract does not exist");

Example

🤦 Bad:

// Note that this function is for demonstration purposes only and should not be used as is.
// Assumes `using SafeTransferLib for ERC20;` is in scope.
function fetchTokens(address token, address from, uint256 amount) internal {
    ERC20(token).safeTransferFrom(from, address(this), amount);
}

🚀 Good:

// Note that this function is for demonstration purposes only and should not be used as is.
// Assumes `using SafeTransferLib for ERC20;` is in scope.
function fetchTokens(address token, address from, uint256 amount) internal {
    require(token.code.length != 0, "Contract does not exist");
    ERC20(token).safeTransferFrom(from, address(this), amount);
}

Background Information

Code4Rena Report/Issue Link
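As an added example (not code from the issue, from c4-common-issues or from solmate), here is a small vault that applies the existence check as a modifier in front of every `SafeTransferLib` call, plus a helper that exposes the underlying EVM behaviour the issue relies on. It assumes solmate's `ERC20` and `SafeTransferLib` are importable under a `solmate/` remapping; the `Vault` contract, its functions and the `onlyContract` modifier are invented for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the issue or from solmate.
// Assumes the `solmate/` remapping points at solmate's src directory.
import {ERC20} from "solmate/tokens/ERC20.sol";
import {SafeTransferLib} from "solmate/utils/SafeTransferLib.sol";

contract Vault {
    using SafeTransferLib for ERC20;

    // token => depositor => credited amount
    mapping(address => mapping(address => uint256)) public balances;

    // SafeTransferLib never checks that `token` has code. A low-level call to an
    // address without code returns success with empty returndata, which the
    // library treats as a successful transfer, so without this check a deposit
    // naming a mistyped or not-yet-deployed token would credit a balance that no
    // tokens ever backed. Note the check only proves *some* code exists, not that
    // it implements ERC20.
    modifier onlyContract(address account) {
        require(account.code.length != 0, "Contract does not exist");
        _;
    }

    function deposit(ERC20 token, uint256 amount) external onlyContract(address(token)) {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[address(token)][msg.sender] += amount;
    }

    function withdraw(ERC20 token, uint256 amount) external {
        // Checked arithmetic reverts if the caller withdraws more than credited.
        balances[address(token)][msg.sender] -= amount;
        token.safeTransfer(msg.sender, amount);
    }

    // Demonstrates the EVM rule behind the issue: calling an address with no code
    // returns ok == true and retLen == 0, which is exactly what SafeTransferLib
    // would accept as a successful transfer.
    function callSucceedsOnEOA(address target) external returns (bool ok, uint256 retLen) {
        bytes memory data;
        (ok, data) = target.call(
            abi.encodeWithSignature("transfer(address,uint256)", msg.sender, 1)
        );
        retLen = data.length;
    }
}
```

Putting the check in a modifier rather than inline keeps it from being forgotten on the next function that touches tokens; if the token address is fixed at construction, a single check in the constructor serves the same purpose.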

`++i` is more gas efficient than `i++` or `i += i` (if x = 1)

++i is more gas efficient than i++ or i += x (if x = 1)

Severity

Which severity would you assign to this Issue?

  • Gas Optimization
  • Non-Critical
  • Low Risk
  • Med Risk
  • High Risk

Description

Writing a value to a slot that doesn't have one will be more expensive than writing to one that does.
When incrementing an integer, ++i (return old value, then add 1) is cheaper than i++ (add 1, then return new value).

Example

🤦 Bad:

/// @dev Consumes ~21586 gas on average.
function war() external pure returns (uint256 result) {
    uint i = 1;
    result += i;
}

or

/// @dev Consumes ~21557 gas on average.
function bar() external pure returns (uint256 result) {
    result++;
}

🚀 Good:

/// @dev Consumes ~21530 gas on average.
function foo() external pure returns (uint256 result) {
    ++result;
}

Background Information

https://m1guelpf.blog/d0gBiaUn48Odg8G2rhs3xLIjaL8MfrWReFkjg8TmDoM

`iszero(x)` instruction is more gas efficient than `x == 0`

The iszero(x) instruction is more gas efficient than x == 0

Severity

Which severity would you assign to this Issue?

  • Gas Optimization
  • Non-Critical
  • Low Risk
  • Med Risk
  • High Risk

Description

With the use of the EVM dialect (=Yul), zero checking can be made more efficient via inline assembly.

Example

🤦 Bad:

/// @dev Consumes ~21812 gas on average.
function foo(uint256 x) external pure returns (bool result) {
    return x == 0;
}

🚀 Good:

/// @dev Consumes ~21787 gas on average.
function bar(uint256 x) external pure returns (bool result) {
    assembly {
        result := iszero(x)
    }
}

Background Information
