moose-code
commented
2 years ago uint256[50] private __gap is common for smart contract upgrades to keep storage bits grouped logically together.
Open code423n4 opened 2 years ago
moose-code
commented
2 years ago uint256[50] private __gap is common for smart contract upgrades to keep storage bits grouped logically together.
1. Remove Unuse Variable __gap to Save Gas
Impact
Variable __gap was not used in VUSD.sol and some other contracts. They will increase the size of deployment with no real benefit
Proof of Concept
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L30
Recommended Mitigation Steps
Remove Line 30 in VUSD.sol.
2. Variable "name" - Use bytes32 Rather Than String
Impact
If data can fit into 32 bytes, then you should use bytes32 datatype rather than bytes or strings as it is much cheaper in solidity. Basically, Any fixed size variable in solidity is cheaper than variable size. That will save gas on the contract.
Proof of Concept
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L28
Recommended Mitigation Steps
bytes32 public name;
3. Long Revert Strings are Waste of Gas
Impact
Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition has been met.
Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.
Proof of Concept
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L487 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L511 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L84 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/ClearingHouse.sol#L101 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L174 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L354 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L453 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L55
Recommended Mitigation Steps
Shorten the revert strings to fit in 32 bytes.
Or consider using Custom Errors (solc >=0.8.4).
4. Variable Default Value is 0 and thus Initialized to 0 is Waste of Gas
Impact
The local variable need not be initialized to 0 because the default value is 0. Avoiding this anti-pattern can save a few opcodes and therefore a tiny bit of gas.
Proof of Concept
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L31
Recommended Mitigation Steps
Remove explicit 0 initialization.
uint constant VUSD_IDX;
5. Constructor Does Not Check for Zero Addresses
Impact
A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Proof of Concept
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/Registry.sol#L12-L23
Recommended Mitigation Steps
Requires Addresses is not zero.
require(_oracle != address(0), "Address Can't Be Zero") require(_clearingHouse != address(0), "Address Can't Be Zero") require(_insuranceFund != address(0), "Address Can't Be Zero") require(_marginAccount != address(0), "Address Can't Be Zero") require(_vusd != address(0), "Address Can't Be Zero")