Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant variables using keccak can be immutable #172

Open
code423n4 opened this issue Jan 19, 2022 · 1 comment
Open

Constant variables using keccak can be immutable #172

code423n4 opened this issue Jan 19, 2022 · 1 comment
Assignees
@yondonfu
Labels
bug Something isn't working G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Handle

ye0lde

Vulnerability details

Impact

Changing the variables from constant to immutable will reduce keccak operations and save gas.

A previous finding with additional explanation and a pointer to the ethereum/solidity issue is here:
code-423n4/2021-10-slingshot-findings#3

Proof of Concept

These variables can simply be changed from constant to immutable:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L114
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L116
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L121

Additional changes are needed for these variables since they are used in the constructor:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L111
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2Migrator.sol#L59
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/token/LivepeerToken.sol#L9-L10
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/ControlledGateway.sol#L13

Here's an example of the changes needed in the constructor for:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/ControlledGateway.sol#L13

contract ControlledGateway is AccessControl, Pausable {
    bytes32 public immutable GOVERNOR_ROLE;  

    address public immutable l1Lpt;
    address public immutable l2Lpt;

    constructor(address _l1Lpt, address _l2Lpt) {
        _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
        _setRoleAdmin(GOVERNOR_ROLE = keccak256("GOVERNOR_ROLE"), DEFAULT_ADMIN_ROLE);

        l1Lpt = _l1Lpt;
        l2Lpt = _l2Lpt;
    }

    function pause() external onlyRole(GOVERNOR_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(GOVERNOR_ROLE) {
        _unpause();
    }
}

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Change the constant variables to immutable as described in the POC.
@code423n4 code423n4 added bug Something isn't working G (Gas Optimization) labels Jan 19, 2022
code423n4 added a commit that referenced this issue Jan 19, 2022
@code423n4
ye0lde issue #172
2e89d59
This was referenced Jan 23, 2022
Closed
Closed
Closed
Closed
Closed
Closed
@yondonfu yondonfu added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Jan 24, 2022
@yondonfu yondonfu self-assigned this Jan 29, 2022
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1+L2: Use DEFAULT_ADMIN_ROLE in ControlledGateway + child contracts
172e01f 
code-423n4/2022-01-livepeer-findings#116
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L2: Make roles immutable & private in LPT
45f02b8 
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1+L2: Use DEFAULT_ADMIN_ROLE in migrators
d4b63be 
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1: Use immutable for constants in L1Migrator
05b2cf1 
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1+L2: Use DEFAULT_ADMIN_ROLE in ControlledGateway + child contracts
46fa6b9 
code-423n4/2022-01-livepeer-findings#116
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L2: Make roles immutable & private in LPT
a7fb964 
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1+L2: Use DEFAULT_ADMIN_ROLE in migrators
0eeec6b 
code-423n4/2022-01-livepeer-findings#63
code-423n4/2022-01-livepeer-findings#172
yondonfu added a commit to livepeer/arbitrum-lpt-bridge that referenced this issue Feb 1, 2022
@yondonfu
L1: Use immutable for constants in L1Migrator
2058a8a 
code-423n4/2022-01-livepeer-findings#172
@yondonfu yondonfu added the resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) label Feb 1, 2022
@yondonfu
Copy link
Collaborator

yondonfu commented Feb 1, 2022
edited

Fixed in livepeer/arbitrum-lpt-bridge@46fa6b9 livepeer/arbitrum-lpt-bridge@a7fb964 livepeer/arbitrum-lpt-bridge@0eeec6b livepeer/arbitrum-lpt-bridge@2058a8a

@code423n4 code423n4 mentioned this issue May 18, 2022
Open
This was referenced Jun 21, 2022
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yondonfu yondonfu

Labels
bug Something isn't working G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yondonfu @code423n4