Open code423n4 opened 1 year ago
Picodes marked the issue as grade-a
Depending on the number of deployments this could be the biggest gas saving so far
Picodes marked the issue as selected for report
@Picodes we didn't use proxies for 2 reasons (it would have obviously been easier;):
+ even if using a non-upgradeable proxy, some users have concern with such (I know, ux/docs/education is out of scope;)
In summary, not convinced this would be the biggest gas saving, on an overall basis
Indeed it totally depend on the usage!
Giving this option to users could easily save a lot of gas for project that expect only a few transactions. I also selected this report as it's the only one suggesting this.
The deployment of the clone contract would be only <50k
gas and then per call <2k
(700 for the DELEGATECALL
, 2600
for the cold address and then the memory expansion) so it'd be worth it for projects with less than a few hundred transactions
Optimize NFT delegate deployments by using proxy
Targets
https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateDeployer.sol#L115
Impact
The cost of NFT delegate deployments can be significantly reduced by deploying proxies instead of clones of the implementation.
Proof of Concept
This function is used to deploy new NFT delegates (JBTiered721DelegateDeployer.sol#L115):
It copies the code of an existing contract (
JBTiered721Delegate
,JB721TieredGovernance
, orJB721GlobalGovernance
) and deploys a new contract with the same code. This is a costly operation because each of the three contracts is a big contract with a lot of code. It'll be much cheaper to deploy non-upgradable proxies instead.Tools Used
Manual review.
Recommended Mitigation Steps
Consider using the Clones library from OpenZeppelin–it deploys and absolutely minimal non-upgradable proxy contract. Such proxies, however, cannot be verified on Etherscan. Some more info.