New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Constant variables using keccak can be immutable #172
Labels
bug
Something isn't working
G (Gas Optimization)
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
This was referenced Jan 23, 2022
Closed
yondonfu
added
the
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
label
Jan 24, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added a commit
to livepeer/arbitrum-lpt-bridge
that referenced
this issue
Feb 1, 2022
yondonfu
added
the
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
label
Feb 1, 2022
This was referenced Jun 21, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Something isn't working
G (Gas Optimization)
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
ye0lde
Vulnerability details
Impact
Changing the variables from constant to immutable will reduce keccak operations and save gas.
A previous finding with additional explanation and a pointer to the ethereum/solidity issue is here:
code-423n4/2021-10-slingshot-findings#3
Proof of Concept
These variables can simply be changed from
constant
toimmutable
:https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L114
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L116
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L121
Additional changes are needed for these variables since they are used in the constructor:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L111
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2Migrator.sol#L59
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/token/LivepeerToken.sol#L9-L10
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/ControlledGateway.sol#L13
Here's an example of the changes needed in the constructor for:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/ControlledGateway.sol#L13
Tools Used
Visual Studio Code, Remix
Recommended Mitigation Steps
Change the constant variables to immutable as described in the POC.
The text was updated successfully, but these errors were encountered: