Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gas Optimizations #125

Open
code423n4 opened this issue Jun 24, 2022 · 0 comments
Open

Gas Optimizations #125

code423n4 opened this issue Jun 24, 2022 · 0 comments
Labels
bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Overview

Risk Rating Number of issues
Gas Issues 19

Table of Contents:

1. Use of the memory keyword when storage should be used

Here, the storage keyword should be used instead of memory:

File: Twav.sol
35:     function _getTwav() internal view returns(uint256 _twav){
36:         if (twavObservations[TWAV_BLOCK_NUMBERS - 1].timestamp != 0) {
37:             uint8 _index = ((twavObservationsIndex + TWAV_BLOCK_NUMBERS) - 1) % TWAV_BLOCK_NUMBERS;
- 38:             TwavObservation memory _twavObservationCurrent = twavObservations[(_index)];
+ 38:             TwavObservation storage _twavObservationCurrent = twavObservations[(_index)];
- 39:             TwavObservation memory _twavObservationPrev = twavObservations[(_index + 1) % TWAV_BLOCK_NUMBERS];
+ 39:             TwavObservation storage _twavObservationPrev = twavObservations[(_index + 1) % TWAV_BLOCK_NUMBERS];
40:             _twav = (_twavObservationCurrent.cumulativeValuation - _twavObservationPrev.cumulativeValuation) / (_twavObservationCurrent.timestamp - _twavObservationPrev.timestamp);
41:         }
42:     }

2. Unchecking arithmetics operations that can't underflow/overflow

Solidity version 0.8+ comes with implicit overflow and underflow checks on unsigned integers. When an overflow or an underflow isn't possible (as an example, when a comparison is made before the arithmetic operation), some gas can be saved by using an unchecked block: https://docs.soliditylang.org/en/v0.8.10/control-structures.html#checked-or-unchecked-arithmetic

Consider wrapping with an unchecked block here:

  • File: NibblVault.sol
311:         if (_totalSupply >= _initialTokenSupply) {
...
313:         } else {
...
- 319:                 _purchaseReturn = _initialTokenSupply - _totalSupply; 
+ 319:                 unchecked { _purchaseReturn = _initialTokenSupply - _totalSupply; }
373:         if(_totalSupply > _initialTokenSupply) {
...
- 378:                 uint256 _tokensPrimaryCurve = _totalSupply - _initialTokenSupply;
+ 378:                 unchecked { uint256 _tokensPrimaryCurve = _totalSupply - _initialTokenSupply; }
414:         if (_buyoutBid > _currentValuation) {
- 415:             safeTransferETH(payable(msg.sender), (_buyoutBid - _currentValuation));
+ 415:             unchecked { safeTransferETH(payable(msg.sender), (_buyoutBid - _currentValuation) });

3. Caching storage values in memory

The code can be optimized by minimising the number of SLOADs.

SLOADs are expensive (100 gas after the 1st one) compared to MLOADs/MSTOREs (3 gas each). Storage values read multiple times should instead be cached in memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple SLOADs.

See the @audit tags for details about the multiple SLOADs where a cached value should be used instead of SLOAD 2 and above:

File: Twav.sol
27:         uint256 _prevCumulativeValuation = twavObservations[((twavObservationsIndex + TWAV_BLOCK_NUMBERS) - 1) % TWAV_BLOCK_NUMBERS].cumulativeValuation;
28:         twavObservations[twavObservationsIndex] = TwavObservation(_blockTimestamp, _prevCumulativeValuation + (_valuation * _timeElapsed)); //add the previous observation to make it cumulative
29:         twavObservationsIndex = (twavObservationsIndex + 1) % TWAV_BLOCK_NUMBERS;
File: NibblVault.sol
222:         uint256 _maxSecondaryBalanceIncrease = fictitiousPrimaryReserveBalance - secondaryReserveBalance;
...
226:         secondaryReserveRatio = uint32((secondaryReserveBalance * SCALE * 1e18) / (initialTokenSupply * initialTokenPrice)); //secondaryReserveRatio is updated on every trade 
File: NibblVault.sol
314:             uint256 _lowerCurveDiff = getMaxSecondaryCurveBalance() - secondaryReserveBalance;
...
320:                 secondaryReserveBalance += _lowerCurveDiff;
File: NibblVault.sol
379:                 _saleReturn = primaryReserveBalance - fictitiousPrimaryReserveBalance;
380:                 primaryReserveBalance -= _saleReturn;
File: NibblVaultFactory.sol
107:         require(basketUpdateTime != 0 && block.timestamp >= basketUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
File: NibblVaultFactory.sol
131:         require(feeToUpdateTime != 0 && block.timestamp >= feeToUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
File: NibblVaultFactory.sol
166:         require(vaultUpdateTime != 0 && block.timestamp >= vaultUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");

4. Cheap Contract Deployment Through Clones

See @audit tag:

67:     function _executeTransfer(address _owner, uint256 _idx) internal {
68:         (bytes32 salt, ) = precompute(_owner, _idx);
69:         new FlashEscrow{salt: salt}( //@audit gas: deployment can cost less through clones
70:             nftAddress,
71:             _encodeFlashEscrowPayload(_idx)
72:         );
73:     }
NibblVaultFactory.sol:50:        _proxyVault = payable(new ProxyVault{salt: keccak256(abi.encodePacked(_curator, _assetAddress, _assetTokenID, _initialSupply, _initialTokenPrice))}(payable(address(this))));
NibblVaultFactory.sol:81:        address payable _basketAddress = payable(new ProxyBasket{salt: keccak256(abi.encodePacked(_curator, _mix))}(basketImplementation));

There's a way to save a significant amount of gas on deployment using Clones: https://www.youtube.com/watch?v=3Mw-pMmJ7TA .

This is a solution that was adopted, as an example, by Porter Finance. They realized that deploying using clones was 10x cheaper:

Consider applying a similar pattern, here with a cloneDeterministic method to mimic the current create2

5. Reduce the size of error messages (Long revert Strings)

Shortening revert strings to fit in 32 bytes will decrease deployment time gas and will decrease runtime gas when the revert condition is met.

Revert strings that are longer than 32 bytes require at least one additional mstore, along with additional overhead for computing memory offset, etc.

Revert strings > 32 bytes:

NibblVaultFactory.sol:48:        require(msg.value >= MIN_INITIAL_RESERVE_BALANCE, "NibblVaultFactory: Initial reserve balance too low");
NibblVaultFactory.sol:49:        require(IERC721(_assetAddress).ownerOf(_assetTokenID) == msg.sender, "NibblVaultFactory: Invalid sender");
NibblVaultFactory.sol:107:        require(basketUpdateTime != 0 && block.timestamp >= basketUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:131:        require(feeToUpdateTime != 0 && block.timestamp >= feeToUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:141:        require(_newFee <= MAX_ADMIN_FEE, "NibblVaultFactory: Fee value greater than MAX_ADMIN_FEE");
NibblVaultFactory.sol:149:        require(feeAdminUpdateTime != 0 && block.timestamp >= feeAdminUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:166:        require(vaultUpdateTime != 0 && block.timestamp >= vaultUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");

Consider shortening the revert strings to fit in 32 bytes.

6. SafeMath is not needed when using Solidity version 0.8+

Solidity version 0.8+ already implements overflow and underflow checks by default.
Using the SafeMath library from OpenZeppelin (which is more gas expensive than the 0.8+ overflow checks) is therefore redundant.

Consider using the built-in checks instead of SafeMath and remove SafeMath here:

NibblVaultFactory.sol:3:pragma solidity 0.8.10;
NibblVaultFactory.sol:9:import { SafeMath } from  "@openzeppelin/contracts/utils/math/SafeMath.sol";

7. Duplicated conditions should be refactored to a modifier or function to save deployment costs

Basket.sol:36:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:42:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:53:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:62:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:69:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:79:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:86:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:92:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
NibblVault.sol:475:        require(msg.sender == curator,"NibblVault: Only Curator");
NibblVault.sol:486:        require(msg.sender == curator,"NibblVault: Only Curator");
NibblVault.sol:496:        require(msg.sender == bidder,"NibblVault: Only winner");
NibblVault.sol:505:        require(msg.sender == bidder,"NibblVault: Only winner");
NibblVault.sol:516:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:524:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:536:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:546:        require(msg.sender == bidder, "NibblVault: Only winner");

8. Internal/Private functions only called once can be inlined to save gas

Not inlining costs 20 to 40 gas because of two extra JUMP instructions and additional stack operations needed for function calls.

Affected code:

  • NibblVault.sol#getMaxSecondaryCurveBalance()
contracts/NibblVault.sol:
  252:     function getMaxSecondaryCurveBalance() private view returns(uint256){
  314:             uint256 _lowerCurveDiff = getMaxSecondaryCurveBalance() - secondaryReserveBalance;

9. >= is cheaper than > (and <= cheaper than <)

Strict inequalities (>) are more expensive than non-strict ones (>=). This is due to some supplementary checks (ISZERO, 3 gas). This also holds true between <= and <.

Consider replacing strict inequalities with non-strict ones to save some gas here:

NibblVault.sol:224:        _feeCurve = _maxSecondaryBalanceIncrease > _feeCurve ? _feeCurve : _maxSecondaryBalanceIncrease; // the curve fee is capped so that secondaryReserveBalance <= fictitiousPrimaryReserveBalance

10. Splitting require() statements that use && saves gas

If you're using the Optimizer at 200, instead of using the && operator in a single require statement to check multiple conditions, Consider using multiple require statements with 1 condition per require statement:

NibblVaultFactory.sol:107:        require(basketUpdateTime != 0 && block.timestamp >= basketUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:131:        require(feeToUpdateTime != 0 && block.timestamp >= feeToUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:149:        require(feeAdminUpdateTime != 0 && block.timestamp >= feeAdminUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:166:        require(vaultUpdateTime != 0 && block.timestamp >= vaultUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");

Please, note that this might not hold true at a higher number of runs for the Optimizer (10k). However, it indeed is true at 200.

11. Using private rather than public for constants saves gas

If needed, the value can be read from the verified contract source code. Savings are due to the compiler not having to create non-payable getter functions for deployment calldata, and not adding another entry to the method ID table

Utilities/AccessControlMechanism.sol:12:    bytes32 public constant FEE_ROLE = keccak256("FEE_ROLE");
Utilities/AccessControlMechanism.sol:13:    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
Utilities/AccessControlMechanism.sol:14:    bytes32 public constant IMPLEMENTER_ROLE = keccak256("IMPLEMENTER_ROLE");
Utilities/NibblVaultFactoryData.sol:7:    uint256 public constant MAX_ADMIN_FEE = 10_000; //1%

12. Amounts should be checked for 0 before calling a transfer

Checking non-zero transfer values can avoid an expensive external call and save gas (especially in loops, like in NibblVault.sol#withdrawMultipleERC20()).

Consider adding a non-zero-value check here:

Basket.sol:80:        _to.transfer(address(this).balance);
Basket.sol:87:        IERC20(_token).transfer(msg.sender, IERC20(_token).balanceOf(address(this)));
Basket.sol:94:            IERC20(_tokens[i]).transfer(msg.sender, IERC20(_tokens[i]).balanceOf(address(this)));
NibblVault.sol:517:        IERC20(_asset).transfer(_to, IERC20(_asset).balanceOf(address(this)));
NibblVault.sol:526:            IERC20(_assets[i]).transfer(_to, IERC20(_assets[i]).balanceOf(address(this)));

13. <array>.length should not be looked up in every loop of a for-loop

Reading array length at each iteration of the loop consumes more gas than necessary.

In the best case scenario (length read on a memory variable), caching the array length in the stack saves around 3 gas per iteration.
In the worst case scenario (external calls at each iteration), the amount of gas wasted can be massive.

Here, Consider storing the array's length in a variable before the for-loop, and use this new variable instead:

Basket.sol:43:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:70:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:93:        for (uint256 i = 0; i < _tokens.length; i++) {
NibblVault.sol:506:        for (uint256 i = 0; i < _assetAddresses.length; i++) {
NibblVault.sol:525:        for (uint256 i = 0; i < _assets.length; i++) {
NibblVault.sol:547:        for (uint256 i = 0; i < _assets.length; i++) {

14. ++i costs less gas compared to i++ or i += 1 (same for --i vs i-- or i -= 1)

Pre-increments and pre-decrements are cheaper.

For a uint256 i variable, the following is true with the Optimizer enabled at 10k:

Increment:

  • i += 1 is the most expensive form
  • i++ costs 6 gas less than i += 1
  • ++i costs 5 gas less than i++ (11 gas less than i += 1)

Decrement:

  • i -= 1 is the most expensive form
  • i-- costs 11 gas less than i -= 1
  • --i costs 5 gas less than i-- (16 gas less than i -= 1)

Note that post-increments (or post-decrements) return the old value before incrementing or decrementing, hence the name post-increment:

uint i = 1;  
uint j = 2;
require(j == i++, "This will be false as i is incremented after the comparison");

However, pre-increments (or pre-decrements) return the new value:

uint i = 1;  
uint j = 2;
require(j == ++i, "This will be true as i is incremented before the comparison");

In the pre-increment case, the compiler has to create a temporary variable (when used) for returning 1 instead of 2.

Affected code:

Basket.sol:43:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:70:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:93:        for (uint256 i = 0; i < _tokens.length; i++) {
NibblVault.sol:506:        for (uint256 i = 0; i < _assetAddresses.length; i++) {
NibblVault.sol:525:        for (uint256 i = 0; i < _assets.length; i++) {
NibblVault.sol:547:        for (uint256 i = 0; i < _assets.length; i++) {

Consider using pre-increments and pre-decrements where they are relevant (meaning: not where post-increments/decrements logic are relevant).

15. Increments/decrements can be unchecked in for-loops

In Solidity 0.8+, there's a default overflow check on unsigned integers. It's possible to uncheck this in for-loops and save some gas at each iteration, but at the cost of some code readability, as this uncheck cannot be made inline.

ethereum/solidity#10695

Affected code:

Basket.sol:43:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:70:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:93:        for (uint256 i = 0; i < _tokens.length; i++) {
NibblVault.sol:506:        for (uint256 i = 0; i < _assetAddresses.length; i++) {
NibblVault.sol:525:        for (uint256 i = 0; i < _assets.length; i++) {
NibblVault.sol:547:        for (uint256 i = 0; i < _assets.length; i++) {

The change would be:

- for (uint256 i; i < numIterations; i++) {
+ for (uint256 i; i < numIterations;) {
 // ...  
+   unchecked { ++i; }
}

The same can be applied with decrements (which should use break when i == 0).

The risk of overflow is non-existant for uint256 here.

16. Public functions to external

An external call cost is less expensive than one of a public function.
The following functions could be set external to save gas and improve code quality (extracted from Slither).

Twav/Twav.sol:44:    function getTwavObservations() public view returns(TwavObservation[TWAV_BLOCK_NUMBERS] memory) {
NibblVaultFactory.sol:76:    function getVaults() public view returns(ProxyVault[] memory ) {

17. It costs more gas to initialize variables with their default value than letting the default value be applied

If a variable is not set/initialized, it is assumed to have the default value (0 for uint, false for bool, address(0) for address...). Explicitly initializing it with its default value is an anti-pattern and wastes gas.

As an example: for (uint256 i = 0; i < numIterations; ++i) { should be replaced with for (uint256 i; i < numIterations; ++i) {

Affected code:

Basket.sol:43:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:70:        for (uint256 i = 0; i < _tokens.length; i++) {
Basket.sol:93:        for (uint256 i = 0; i < _tokens.length; i++) {
NibblVault.sol:506:        for (uint256 i = 0; i < _assetAddresses.length; i++) {
NibblVault.sol:525:        for (uint256 i = 0; i < _assets.length; i++) {
NibblVault.sol:547:        for (uint256 i = 0; i < _assets.length; i++) {

Consider removing explicit initializations for default values.

18. Use Custom Errors instead of Revert Strings to save Gas

Solidity 0.8.4 introduced custom errors. They are more gas efficient than revert strings, when it comes to deploy cost as well as runtime cost when the revert condition is met. Use custom errors instead of revert strings for gas savings.

Custom errors from Solidity 0.8.4 are cheaper than revert strings (cheaper deployment cost and runtime cost when the revert condition is met)

Source: https://blog.soliditylang.org/2021/04/21/custom-errors/:

Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them.

Custom errors are defined using the error statement, which can be used inside and outside of contracts (including interfaces and libraries).

Consider replacing all revert strings with custom errors in the solution.

Utilities/AccessControlMechanism.sol:48:        require(pendingRoles[_role][msg.sender], "AccessControl: Role not pending");
Basket.sol:36:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:42:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:53:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:62:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:69:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:79:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:86:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
Basket.sol:92:        require(_isApprovedOrOwner(msg.sender, 0), "withdraw:not allowed");
NibblVault.sol:129:        require(unlocked == 1, 'NibblVault: LOCKED');
NibblVault.sol:139:        require(buyoutEndTime > block.timestamp || buyoutEndTime == 0,'NibblVault: Bought Out');
NibblVault.sol:146:        require(status == Status.buyout, "NibblVault: status != buyout");
NibblVault.sol:147:        require(buyoutEndTime <= block.timestamp, "NibblVault: buyoutEndTime <= now");
NibblVault.sol:154:        require(!NibblVaultFactory(factory).paused(), 'NibblVault: Paused');
NibblVault.sol:184:        require(_secondaryReserveRatio <= primaryReserveRatio, "NibblVault: Excess initial funds");
NibblVault.sol:185:        require(_secondaryReserveRatio >= MIN_SECONDARY_RESERVE_RATIO, "NibblVault: secResRatio too low");
NibblVault.sol:325:        require(_minAmtOut <= _purchaseReturn, "NibblVault: Return too low");
NibblVault.sol:351:        require(_secondaryReserveBalance - _saleReturn >= MIN_SECONDARY_RESERVE_BALANCE, "NibblVault: Excess sell");
NibblVault.sol:387:        require(_saleReturn >= _minAmtOut, "NibblVault: Return too low");
NibblVault.sol:399:        require(block.timestamp >= minBuyoutTime, "NibblVault: minBuyoutTime < now");
NibblVault.sol:400:        require(status == Status.initialized, "NibblVault: Status!=initialized");
NibblVault.sol:404:        require(_buyoutBid >= _currentValuation, "NibblVault: Bid too low");
NibblVault.sol:444:        require(status == Status.buyout, "NibblVault: Status!=Buyout");
NibblVault.sol:475:        require(msg.sender == curator,"NibblVault: Only Curator");
NibblVault.sol:486:        require(msg.sender == curator,"NibblVault: Only Curator");
NibblVault.sol:496:        require(msg.sender == bidder,"NibblVault: Only winner");
NibblVault.sol:505:        require(msg.sender == bidder,"NibblVault: Only winner");
NibblVault.sol:516:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:524:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:536:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:546:        require(msg.sender == bidder, "NibblVault: Only winner");
NibblVault.sol:561:        require(block.timestamp <= deadline, "NibblVault: expired deadline");
NibblVault.sol:564:        require(signer == owner, "NibblVault: invalid signature");
NibblVault.sol:570:        require(success, "NibblVault: ETH transfer failed");
NibblVaultFactory.sol:48:        require(msg.value >= MIN_INITIAL_RESERVE_BALANCE, "NibblVaultFactory: Initial reserve balance too low");
NibblVaultFactory.sol:49:        require(IERC721(_assetAddress).ownerOf(_assetTokenID) == msg.sender, "NibblVaultFactory: Invalid sender");
NibblVaultFactory.sol:107:        require(basketUpdateTime != 0 && block.timestamp >= basketUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:114:        require(_success);
NibblVaultFactory.sol:131:        require(feeToUpdateTime != 0 && block.timestamp >= feeToUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:141:        require(_newFee <= MAX_ADMIN_FEE, "NibblVaultFactory: Fee value greater than MAX_ADMIN_FEE");
NibblVaultFactory.sol:149:        require(feeAdminUpdateTime != 0 && block.timestamp >= feeAdminUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");
NibblVaultFactory.sol:166:        require(vaultUpdateTime != 0 && block.timestamp >= vaultUpdateTime, "NibblVaultFactory: UPDATE_TIME has not passed");

19. Functions guaranteed to revert when called by normal users can be marked payable

If a function modifier such as onlyOwner is used, the function will revert if a normal user tries to pay the function. Marking the function as payable will lower the gas cost for legitimate callers because the compiler will not include checks for whether a payment was provided.

Utilities/AccessControlMechanism.sol:32:    function setRoleAdmin(bytes32 _role, bytes32 _adminRole) external override onlyRole(getRoleAdmin(_role)) {
Utilities/AccessControlMechanism.sol:40:    function proposeGrantRole(bytes32 _role, address _to) external override onlyRole(getRoleAdmin(_role)) {
NibblVaultFactory.sol:99:    function proposeNewBasketImplementation(address _newBasketImplementation) external override onlyRole(IMPLEMENTER_ROLE) {
NibblVaultFactory.sol:123:    function proposeNewAdminFeeAddress(address _newFeeAddress) external override onlyRole(FEE_ROLE) {
NibblVaultFactory.sol:140:    function proposeNewAdminFee(uint256 _newFee) external override onlyRole(FEE_ROLE) {
NibblVaultFactory.sol:158:    function proposeNewVaultImplementation(address _newVaultImplementation) external override onlyRole(IMPLEMENTER_ROLE) {
NibblVaultFactory.sol:173:    function pause() external onlyRole(PAUSER_ROLE) override {
NibblVaultFactory.sol:179:    function unPause() external onlyRole(PAUSER_ROLE) override {
@code423n4 code423n4 added bug Something isn't working G (Gas Optimization) labels Jun 24, 2022
code423n4 added a commit that referenced this issue Jun 24, 2022
@code423n4
BowTiedWardens issue #125
6e98340
@mundhrakeshav mundhrakeshav added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Jun 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mundhrakeshav @code423n4