Open code423n4 opened 2 years ago
might be a duplicate of https://github.com/code-423n4/2021-10-ambire-findings/issues/22 but it seems more like a superset as it's more detailed
Agree with the finding, although unchecked
ends up cluttering the source code
Will mark the other one as duplicate
Handle
WatchPug
Vulnerability details
For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.
For example:
QuickAccManager.sol#send()
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/QuickAccManager.sol#L76-L76
block.timestamp + acc.timelock
will never overflow.Zapper.sol#exchangeV2()
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L114-L118
trade.path.length - 1
will never underflow.SignatureValidatorV2.sol#recoverAddrImpl()
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/libs/SignatureValidatorV2.sol#L53-L61
sig.length - 33
will never underflow.Identity.sol#execute()
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/Identity.sol#L95-L95
currentNonce + 1
will never overflow.