search

code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

Adding unchecked directive can save gas #156

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

For the arithmetic operations that will never over/underflow, using the unchecked directive (Solidity v0.8 has default overflow/underflow checks) can save some gas from the unnecessary internal over/underflow checks.

For example:

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/TimeswapPair.sol#L149-L150

        require(block.timestamp < maturity, 'E202');
        require(maturity - block.timestamp < 0x100000000, 'E208');

maturity - block.timestamp will never underflow.

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/libraries/WithdrawMath.sol#L31-L33

        if (state.reserves.asset >= state.totalClaims.bond) return collateralOut;
        uint256 deficit = state.totalClaims.bond;
        deficit -= state.reserves.asset;

deficit -= state.reserves.asset will never underflow.

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Convenience/contracts/libraries/MsgValue.sol#L12-L12

if (msg.value > value) ETH.transfer(payable(msg.sender), msg.value - value);

msg.value - value will never underflow.

Mathepreneur commented 2 years ago

https://github.com/Timeswap-Labs/Timeswap-V1-Core/pull/89 https://github.com/Timeswap-Labs/Timeswap-V1-Convenience/pull/57