code-423n4 / 2021-07-spartan-findings


Dao contract's code size exceeds size limit. #2

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

jonah1005

Vulnerability details

Impact

Contract code size exceeds 24576 bytes.

It is too large to deploy.

Developers would definitely spot this before deploying to main-net, and it would not cause any harm to users. However, either deleting some require statements or refactoring the contract into libraries at the last minute is not ideal. Many severe bugs were caused by "small changes" that seem harmless.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/Dao.sol

Tools Used

hardhat

Recommended Mitigation Steps

Refactor the contract into several components (e.g. Controller, Vault, Vote

SamusElderg commented 3 years ago

Whilst the tooling throws a warning that the DAO contract is too large, in practice it is small enough to be deployed and is not an issue. The contract is quite large; however, it is not over the limit when deploying.

SamusElderg commented 3 years ago

Just confirming that the reason for 'disputed' is because it is not too large to deploy despite the warning being triggered.

ghoul-sol commented 3 years ago

Per sponsor comment, invalid. I assume compile optimizations save the day.
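
An added example, not part of the thread or of the Spartan code base: a check that measures each contract's deployed (runtime) bytecode against the 24576-byte limit (EIP-170), so that a size warning can be confirmed or ruled out from the artifacts actually built with the project's compiler settings. It assumes Hardhat-style artifact objects with `contractName` and `deployedBytecode` fields; the contract names and sizes in the sample are constructed.

```javascript
// Added example: EIP-170 size check over Hardhat-style artifact objects.
// The sample artifacts are constructed; sizes are invented, not measured.
const EIP170_LIMIT = 24576; // max bytes of deployed (runtime) code, 0x6000

// Byte length of a 0x-prefixed hex string. Counting characters instead of
// parsing keeps unlinked-library placeholders (40 characters standing in
// for a 20-byte address) correctly sized.
function byteLength(hex) {
  if (typeof hex !== "string" || !hex.startsWith("0x")) {
    throw new TypeError("expected a 0x-prefixed hex string");
  }
  const body = hex.slice(2);
  if (body.length % 2 !== 0) throw new RangeError("odd-length hex string");
  return body.length / 2;
}

// One report row per artifact. Interfaces and abstract contracts have
// deployedBytecode "0x" and report size 0. Exactly 24576 bytes is allowed.
function checkArtifacts(artifacts, warnAt = 0.9) {
  return artifacts.map((a) => {
    const size = byteLength(a.deployedBytecode);
    const status =
      size > EIP170_LIMIT ? "OVER" :
      size > EIP170_LIMIT * warnAt ? "NEAR" : "OK";
    return { name: a.contractName, size, headroom: EIP170_LIMIT - size, status };
  });
}

// Names of contracts that cannot be deployed as built.
function overLimit(artifacts) {
  return checkArtifacts(artifacts)
    .filter((r) => r.status === "OVER")
    .map((r) => r.name);
}

// Constructed sample input (hypothetical names, invented sizes).
const fake = (n) => "0x" + "60".repeat(n);
const sampleArtifacts = [
  { contractName: "DaoNoOptimizer", deployedBytecode: fake(25000) },
  { contractName: "DaoOptimizer", deployedBytecode: fake(23900) },
  { contractName: "DaoVault", deployedBytecode: fake(8000) },
  { contractName: "iDAO", deployedBytecode: "0x" },
];

console.table(checkArtifacts(sampleArtifacts));
```

The "NEAR" band is the useful output for a case like this one: a contract that deploys today but has only a few hundred bytes of headroom will cross the limit with a small later change.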