code-423n4 / 2021-12-yetifinance-findings

Bytes constants are more efficient than string constants #169

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

From the Solidity doc:

If you can limit the length to a certain number of bytes, always use one of bytes1 to bytes32 because they are much cheaper.

Why do Solidity examples use bytes32 type instead of string?

bytes32 uses less gas because it fits in a single word of the EVM, and string is a dynamically sized-type which has current limitations in Solidity (such as can't be returned from a function to a contract).

If data can fit into 32 bytes, then you should use the bytes32 datatype rather than bytes or strings, as it is cheaper in Solidity. Basically, any fixed-size variable in Solidity is cheaper than a variable-size one. That will save gas on the contract.

Proof of Concept

Instances of string constants that can be replaced by bytes1 to bytes32 constants:

./ActivePool.sol:28:    string constant public NAME = "ActivePool";
./HintHelpers.sol:18:    string constant public NAME = "HintHelpers";
./LPRewards/Pool2Unipool.sol:75:    string constant public NAME = "Pool2Unipool";
./LPRewards/Unipool.sol:75:    string constant public NAME = "Unipool";
./PriceFeed.sol:26:    string constant public NAME = "PriceFeed";
./SortedTroves.sol:53:    string constant public NAME = "SortedTroves";
./TroveManager.sol:25:    string constant public NAME = "TroveManager";
./YETI/CommunityIssuance.sol:19:    string constant public NAME = "CommunityIssuance";
./YETI/LockupContract.sol:23:    string constant public NAME = "LockupContract";
./YETI/LockupContractFactory.sol:29:    string constant public NAME = "LockupContractFactory";
./YETI/ShortLockupContract.sol:23:    string constant public NAME = "LockupContract";
./YETI/YETIToken.sol:39:    string constant internal _NAME = "Yeti Finance";
./YETI/YETIToken.sol:40:    string constant internal _SYMBOL = "YETI";
./YETI/YETIToken.sol:41:    string constant internal _VERSION = "1";
./YUSDToken.sol:31:    string constant internal _NAME = "YUSD Stablecoin";
./YUSDToken.sol:32:    string constant internal _SYMBOL = "YUSD";
./YUSDToken.sol:33:    string constant internal _VERSION = "1";

Tools Used

VS Code

Recommended Mitigation Steps

Consider replacing constant string variables with bytes1 to bytes32 variables.
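The size difference behind this finding, as an added example that is not part of the original report or the project's code: a Python model of how the contract ABI lays out a returned `string` (offset word, length word, padded data) versus a `bytes32` (one left-aligned word). `NAMES` is a constructed sample taken from the constants listed above, and all function names are hypothetical.

```python
# Added example: ABI return-data layout for `string` vs `bytesN` constants.
WORD = 32  # EVM word size in bytes

# Constructed sample: a few of the literals listed in the finding.
NAMES = ["ActivePool", "LockupContractFactory", "Yeti Finance", "YUSD Stablecoin", "1"]


def pad_right(data: bytes) -> bytes:
    """Zero-pad on the right to a multiple of 32 bytes."""
    return data + b"\x00" * (-len(data) % WORD)


def encode_string(value: str) -> bytes:
    """ABI-encode one returned `string`: offset word, length word, padded data."""
    raw = value.encode("utf-8")
    offset = WORD.to_bytes(WORD, "big")  # dynamic data starts right after the head
    length = len(raw).to_bytes(WORD, "big")
    return offset + length + pad_right(raw)


def encode_bytes32(value: str) -> bytes:
    """ABI-encode the same literal as `bytes32`: a single left-aligned word."""
    raw = value.encode("utf-8")
    if len(raw) > WORD:
        raise ValueError(f"{value!r} is {len(raw)} bytes and does not fit in bytes32")
    return raw.ljust(WORD, b"\x00")


def smallest_fixed_type(value: str) -> str:
    """Smallest bytes1..bytes32 type that holds the literal without truncation."""
    n = len(value.encode("utf-8"))
    if not 1 <= n <= WORD:
        raise ValueError(f"{value!r} needs {n} bytes; no bytes1..bytes32 type fits")
    return f"bytes{n}"


def decode_bytes32(word: bytes) -> str:
    """Recover the text off-chain by stripping the zero padding."""
    return word.rstrip(b"\x00").decode("utf-8")


if __name__ == "__main__":
    for name in NAMES:
        s, b = encode_string(name), encode_bytes32(name)
        print(f"{name!r:26} string={len(s)}B  {smallest_fixed_type(name)} -> {len(b)}B")
```

A getter that changes from `string` to `bytes32` also changes its ABI return type, so any caller that decodes `NAME` as a string has to be updated along with the constant.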

kingyetifinance commented 2 years ago

@LilYeti: Duplicate #3

alcueca commented 2 years ago

Taking as main