Open hats-bug-reporter[bot] opened 1 week ago
Jelev123
commented
1 week ago This issue is dub of #146 but it is also mine. The reason to submit it again is that my old wallet was hacked and i have to submit it again with my new wallet address. So this is the valid wallet address
FHieser
commented
2 days ago As we currently dont have a gas savings label I added it as enhancement
0xmahdirostami
commented
13 hours ago thanks but gas submission is different in hats
Please remember the following instructions: for next competition
Users need to clone the repository, make changes, and then upload it to their private repository. In their report, they should include the link to their private repository. After that, they will need to invite sponsors to their private repository. The winner will be chosen based on the average gas savings in tests. There are some rules to consider: if any test fails due to changes, the submission is invalid. Additionally, if a user employs assembly, the submission is also invalid.
and read competition scope for more details.
Github username: @Jelev123 Twitter username: zhulien_zhelev Submission hash (on-chain): 0x6de431ce4521a6bfff79e9c532cbd6295a434f6673159c2d15df538a2515f309 Severity: gas saving
Description: Description:
[Gas-1] Use != 0 instead of > 0 for unsigned integer comparison
if (workflowFeeAmount > 0)
[Gas-2 ]++i costs less gas compared to i++ or i += 1 (same for --i vs i-- or i -= 1) https://github.com/hats-finance/Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb/blob/09e3a91bdc298a8666f666efbce408178cd83ec8/src/external/forwarder/TransactionForwarder_v1.sol#L76
Pre-increments and pre-decrements are cheaper. For a uint256 i variable, the following is true with the Optimizer enabled at 10k: Increment: i += 1 is the most expensive form i++ costs 6 gas less than i += 1 ++i costs 5 gas less than i++ (11 gas less than i += 1) Decrement: i -= 1 is the most expensive form i-- costs 11 gas less than i -= 1 --i costs 5 gas less than i-- (16 gas less than i -= 1) In the pre-increment case, the compiler has to create a temporary variable (when used) for returning 1 instead of 2.
[Gas-3] Using private rather than public for constants, saves gas https://github.com/hats-finance/Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb/blob/09e3a91bdc298a8666f666efbce408178cd83ec8/src/external/fees/FeeManager_v1.sol#L67
If needed, the values can be read from the verified contract source code, or if there are multiple values there can be a single getter function that returns a tuple of the values of all currently-public constants. Saves 3406-3606 gas in deployment gas due to the compiler not having to create non-payable getter functions for deployment calldata, not having to store the bytes of the value outside of where it's used, and not adding another entry to the method ID table
[GAS-4] Cache array length outside of loop https://github.com/hats-finance/Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb/blob/09e3a91bdc298a8666f666efbce408178cd83ec8/src/proxies/InverterProxyAdmin_v1.sol#L47
If not cached, the solidity compiler will always read the length of the array during each iteration. That is, if it is a storage array, this is an extra sload operation (100 additional extra gas for each iteration except for the first) and if it is a memory array, this is an extra mload operation (3 additional gas for each iteration except for the first).
[GAS-5] Functions guaranteed to revert when called by normal users can be marked payable
https://github.com/hats-finance/Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb/blob/09e3a91bdc298a8666f666efbce408178cd83ec8/src/external/fees/FeeManager_v1.sol#L273
If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.
Attack Scenario Describe how the vulnerability can be exploited. Attachments