Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unchecked loop increments no valid in solidity > v0.8.22 #38

Open
c4-bot-7 opened this issue Mar 19, 2024 · 6 comments
Open

unchecked loop increments no valid in solidity > v0.8.22 #38

c4-bot-7 opened this issue Mar 19, 2024 · 6 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue G (Gas Optimization) G-12 grade-b insufficient quality report This report is not of sufficient quality primary issue Highest quality submission among a set of duplicates

Comments

@c4-bot-7
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-03-coinbase/blob/e0573369b865d47fed778de00a7b6df65ab1744e/src/SmartWallet/CoinbaseSmartWallet.sol#L208-L210

Vulnerability details

Impact

The new optimization in v0.8.22 removes the need for poor unchecked increment patterns in for loop bodies such

Proof of Concept

Solidity 0.8.22 introduces an overflow check optimization that automatically generates an unchecked arithmetic increment of the counter of for loops.

Tools Used

manual

Recommended Mitigation Steps

do not use ++i in >v0.8.22

Assessed type

Other
@c4-bot-7 c4-bot-7 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Mar 19, 2024
c4-bot-5 added a commit that referenced this issue Mar 19, 2024
@c4-bot-5
Hajime issue #38
a2d3079
@c4-pre-sort c4-pre-sort added the insufficient quality report This report is not of sufficient quality label Mar 22, 2024
@c4-pre-sort
Copy link

raymondfam marked the issue as insufficient quality report

@c4-pre-sort
Copy link

raymondfam marked the issue as primary issue

@c4-pre-sort c4-pre-sort added the primary issue Highest quality submission among a set of duplicates label Mar 22, 2024
@raymondfam
Copy link

It's meant for gas optimization.

@3docSec
Copy link

3docSec commented Mar 27, 2024

The lookout made a good point.

@c4-judge
Copy link
Contributor

3docSec changed the severity to G (Gas Optimization)

@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue G (Gas Optimization) and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Mar 27, 2024
@c4-judge
Copy link
Contributor

3docSec marked the issue as grade-b

@C4-Staff C4-Staff added the G-12 label Apr 1, 2024
stevieraykatz added a commit to coinbase/smart-wallet that referenced this issue Apr 3, 2024
@stevieraykatz
Leverage solidity overflow check optimization for loop index increment.
681a7ee 
code-423n4/2024-03-coinbase-findings#38
@stevieraykatz stevieraykatz mentioned this issue Apr 3, 2024
Merged
stevieraykatz added a commit to coinbase/smart-wallet that referenced this issue Apr 4, 2024
@stevieraykatz
Smart Wallet gas optimizations from Code4rena audit (#45)
8d4ccf3 
* Leverage solidity overflow check optimization for loop index increment. code-423n4/2024-03-coinbase-findings#38

* Cache storage var for use in loop, update once at the end. Per code-423n4/2024-03-coinbase-findings#195, G-01

* Cache storage pointer and reference in intialization. Per code-423n4/2024-03-coinbase-findings#195, G-02

* Remove no-op assigning of default value. Per code-423n4/2024-03-coinbase-findings#195 G-09

* Add new gas snapshot

* Revert erc1271 change

* Rerun snapshot

* Remove _addOwner method and call _addOwnerAtIndex directly
@c4-bot-2 c4-bot-2 mentioned this issue Apr 10, 2024
Open
@c4-bot-8 c4-bot-8 mentioned this issue Apr 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue G (Gas Optimization) G-12 grade-b insufficient quality report This report is not of sufficient quality primary issue Highest quality submission among a set of duplicates
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@raymondfam @c4-judge @c4-pre-sort @C4-Staff @c4-bot-7 @3docSec