There are several loops that use uint8 for an index parameter (i). It does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint8 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs.
Proof of Concept
You can try and see yourself:
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
contract VaultHelper {
function loopUint8(
uint256[] calldata _amounts
)
external
{
uint sum = 0;
for (uint8 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23892
require(_amounts[i] > 0);
sum += _amounts[i];
}
}
function loopUint256(
uint256[] calldata _amounts
)
external
{
uint sum = 0;
for (uint256 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23768
require(_amounts[i] > 0);
sum += _amounts[i];
}
}
}
Handle
pauliax
Vulnerability details
Impact
There are several loops that use uint8 for an index parameter (i). It does not give any efficiency, actually, it is the opposite as EVM operates on default of 256-bit values so uint8 is more expensive in this case as it needs a conversion. It only gives improvements in cases where you can pack variables together, e.g. structs.
Proof of Concept
You can try and see yourself: // SPDX-License-Identifier: MIT pragma solidity 0.6.12; contract VaultHelper { function loopUint8( uint256[] calldata _amounts ) external { uint sum = 0; for (uint8 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23892 require(_amounts[i] > 0); sum += _amounts[i]; } } function loopUint256( uint256[] calldata _amounts ) external { uint sum = 0; for (uint256 i = 0; i < _amounts.length; i++) { // [1,2,3,4,5,6] 23768 require(_amounts[i] > 0); sum += _amounts[i]; } } }
Tools Used
Remix IDE
Recommended Mitigation Steps
Replace uint8 with uint256 in loop iterations.