Open code423n4 opened 2 years ago
Use bitmap for leaf invalidation
Handle
TomFrenchBlockchain
Vulnerability details
Impact
Gas consumption
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/tokens/converter/Converter.sol#L50
Each claim performs an SSTORE to a fresh slot in order to mark a leaf as claimed. This results in each user paying 20k gas in order to invalidate a leaf, whereas if many users shared the same slot they would pay 5k gas instead.
See Uniswap's implementation for inspiration:
https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol
Recommended Mitigation Steps
Use bitmap for leaf invalidation
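
The bitmap approach recommended above, as an added example that is not code from Converter.sol, the Uniswap repository, or the issue author. It assumes each Merkle leaf commits to a sequential `index`; the contract name, the leaf encoding, and the minimal token interface are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Minimal token interface assumed for this example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: 256 leaves share one storage slot of claim flags.
contract BitmapClaimExample {
    bytes32 public immutable root;
    IERC20 public immutable token;
    // word number => 256 packed "claimed" bits
    mapping(uint256 => uint256) private claimedBitMap;

    event Claimed(uint256 index, address account, uint256 amount);

    constructor(bytes32 _root, IERC20 _token) {
        root = _root;
        token = _token;
    }

    function isClaimed(uint256 index) public view returns (bool) {
        uint256 mask = uint256(1) << (index & 0xff); // bit = index % 256
        return (claimedBitMap[index >> 8] & mask) != 0; // word = index / 256
    }

    function claim(uint256 index, uint256 amount, bytes32[] calldata proof) external {
        uint256 wordIndex = index >> 8;
        uint256 mask = uint256(1) << (index & 0xff);
        uint256 word = claimedBitMap[wordIndex];
        require((word & mask) == 0, "already claimed");

        // Assumed leaf layout. The index is inside the hash, so a claimant
        // cannot replay the same leaf against a different bit.
        bytes32 node = keccak256(abi.encodePacked(index, msg.sender, amount));
        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 p = proof[i];
            node = node <= p
                ? keccak256(abi.encodePacked(node, p))
                : keccak256(abi.encodePacked(p, node));
        }
        require(node == root, "invalid proof");

        // Invalidate the leaf before the external call.
        claimedBitMap[wordIndex] = word | mask;
        require(token.transfer(msg.sender, amount), "transfer failed");
        emit Claimed(index, msg.sender, amount);
    }
}
```

Only the first claim in each group of 256 indices writes to a fresh slot; later claims in that group update a slot that is already non-zero.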