The BasketManager::deployBasket function will validate that a particular _name or _symbol has not been already reserved by encoding the string payload tightly, performing a keccak256 operation on the resulting payload, and using the final value as a key to the nameHashTaken or symbolHashTaken mappings respectively.
This approach is inefficient, as a mapping will perform a keccak256 operation on its key regardless, meaning that two keccak256 operations are performed per access of the mapping instead of one.
Example:
// verify _name is unique and available
require(!nameHashTaken[keccak256(abi.encodePacked(_name))], "Name not available");
// verify _symbol is unique and available
require(!symbolHashTaken[keccak256(abi.encodePacked(_symbol))], "Symbol not available");
Recommendation:
We advise the mapping declarations to be updated to use a string value as a key, ensuring a single keccak256 operation is performed and permitting the function to pass in the _name and _symbol values as keys directly with no pre-processing.
chasebrownn
commented
9 months ago
BMR-06C: Sub-Optimal Availability Mappings
Description:
The
BasketManager::deployBasketfunction will validate that a particular_nameor_symbolhas not been already reserved by encoding thestringpayload tightly, performing akeccak256operation on the resulting payload, and using the final value as a key to thenameHashTakenorsymbolHashTakenmappings respectively.This approach is inefficient, as a
mappingwill perform akeccak256operation on its key regardless, meaning that twokeccak256operations are performed per access of the mapping instead of one.Example:
Recommendation:
We advise the
mappingdeclarations to be updated to use astringvalue as a key, ensuring a singlekeccak256operation is performed and permitting the function to pass in the_nameand_symbolvalues as keys directly with no pre-processing.