Handle
0xRajeev
Vulnerability details
Impact
The finaliseProposal() function is never called from within the contract and so does not require public visibility. As described in https://mudit.blog/solidity-gas-optimization-tips/: “For all the public functions, the input parameters are copied to memory automatically, and it costs gas. If your function is only called externally, then you should explicitly mark it as external. External function’s parameters are not copied into memory but are read from calldata directly. This small optimization in your solidity code can save you a lot of gas when the function input parameters are huge.”
Given that finaliseProposal() takes one parameter, this will save some amount of gas.
Proof of Concept
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L111
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change the visibility of finaliseProposal() to external.