Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them.
Custom errors are defined using the error statement, which can be used inside and outside of contracts (including interfaces and libraries).
These contracts use Solidity 0.8.9 and use revert strings:
contracts\utils\EIP1271Wallet.sol:102: "encoded: invalid length"
contracts\utils\EIP1271Wallet.sol:119: "encoded: invalid length"
contracts\utils\EIP1271Wallet.sol:140: "invalid slippage limit"
contracts\sNOTE.sol:245: "Not in Redemption Window"
contracts\TreasuryManager.sol:99: "purchase limit is too high"
Handle
Dravee
Vulnerability details
Impact
Custom errors from Solidity 0.8.4 are cheaper than revert strings.
Proof of Concept
Source: https://blog.soliditylang.org/2021/04/21/custom-errors/
Tools Used
VS Code
Recommended Mitigation Steps
Replace revert strings with custom errors.
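A before/after sketch of the recommended change, added here as an illustration and not taken from the audited contracts. Only the two revert strings come from the list above; the contract names, function names, parameters and the `MAX_LIMIT` value are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.9;

// Declared at file level so several contracts can share them.
// Parameters carry the dynamic values a fixed string cannot.
error NotInRedemptionWindow(uint256 begin, uint256 end, uint256 nowTs);
error PurchaseLimitTooHigh(uint256 requested, uint256 maximum);

// Before: the reason strings are stored in the deployed bytecode
// and ABI-encoded as Error(string) on every revert.
// (Access control is omitted in both contracts to keep the sketch short.)
contract WithRevertStrings {
    uint256 internal constant MAX_LIMIT = 1e8; // constructed value
    uint256 public purchaseLimit;

    function setPurchaseLimit(uint256 limit) external {
        require(limit <= MAX_LIMIT, "purchase limit is too high");
        purchaseLimit = limit;
    }

    function checkWindow(uint256 begin, uint256 end) external view {
        require(
            block.timestamp >= begin && block.timestamp <= end,
            "Not in Redemption Window"
        );
    }
}

// After: revert data is the 4-byte error selector plus ABI-encoded arguments.
// On 0.8.9 use the if/revert form; require() does not accept a custom error there.
contract WithCustomErrors {
    uint256 internal constant MAX_LIMIT = 1e8; // constructed value
    uint256 public purchaseLimit;

    function setPurchaseLimit(uint256 limit) external {
        if (limit > MAX_LIMIT) revert PurchaseLimitTooHigh(limit, MAX_LIMIT);
        purchaseLimit = limit;
    }

    function checkWindow(uint256 begin, uint256 end) external view {
        if (block.timestamp < begin || block.timestamp > end) {
            revert NotInRedemptionWindow(begin, end, block.timestamp);
        }
    }
}
```

Tests and off-chain monitoring that match on the old reason strings need to be updated to decode the error selector and its arguments instead.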