Duplicate math operations #57
Labels:
- bug: Warden finding
- G (Gas Optimization)
- resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
- sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
pauliax
Vulnerability details
Impact
First perform the addition and only then check the length to avoid this duplicate math operation:
```solidity
require(b.length >= index + 32, "BytesLib: length");
// Arrays are prefixed by a 256 bit length parameter
index += 32;
```
Or if you want to stay with this approach, then at least consider using the 'unchecked' keyword when this addition is performed the second time, as then we already know this can't overflow. Also, in function recoverAddrImpl the same operation is performed twice:
```solidity
sig.length - 33
```
Recommended Mitigation Steps
Refactor duplicate math operations.
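The two refactors suggested in this finding, side by side with the quoted pattern, as an added example that is not part of the original report or the audited code base. The library name, function names and the `mload` read after the check are assumptions made for illustration; Solidity 0.8 checked arithmetic is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical library for illustration; not the audited project's code.
library BytesReadExample {
    // Pattern quoted in the finding: index + 32 is computed, and
    // overflow-checked by the compiler, twice.
    function readWordDuplicate(bytes memory b, uint256 index)
        internal pure returns (uint256 result)
    {
        require(b.length >= index + 32, "BytesLib: length");
        // Arrays are prefixed by a 256 bit length parameter
        index += 32;
        assembly {
            result := mload(add(b, index))
        }
    }

    // Option 1: add once, then compare against the advanced index.
    // The addition stays checked, so an index near type(uint256).max
    // still reverts (Panic 0x11) instead of wrapping past the bounds check.
    function readWordAddFirst(bytes memory b, uint256 index)
        internal pure returns (uint256 result)
    {
        index += 32;
        require(b.length >= index, "BytesLib: length");
        assembly {
            result := mload(add(b, index))
        }
    }

    // Option 2: keep the original order and skip the second overflow check.
    // Safe only because the checked index + 32 inside require() has already
    // succeeded; moving the unchecked block above the require would let the
    // index wrap and bypass the length check.
    function readWordUnchecked(bytes memory b, uint256 index)
        internal pure returns (uint256 result)
    {
        require(b.length >= index + 32, "BytesLib: length");
        unchecked {
            index += 32;
        }
        assembly {
            result := mload(add(b, index))
        }
    }
}
```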