GalloDaSballo
commented
2 years ago Agree with finding, just KIS and use uint256
Open code423n4 opened 2 years ago
GalloDaSballo
commented
2 years ago Agree with finding, just KIS and use uint256
Handle
pauliax
Vulnerability details
Impact
There are several loops that use uint8 for an index parameter (i). It does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint8 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs.
Proof of Concept
You can try and see yourself: // SPDX-License-Identifier: MIT pragma solidity 0.6.12; contract VaultHelper { function loopUint8( uint256[] calldata _amounts ) external { uint sum = 0; for (uint8 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23892 require(_amounts[i] > 0); sum += _amounts[i]; } } function loopUint256( uint256[] calldata _amounts ) external { uint sum = 0; for (uint256 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23768 require(_amounts[i] > 0); sum += _amounts[i]; } } }
Tools Used
Remix IDE
Recommended Mitigation Steps
Replace uint8 with uint256 in loop iterations.