Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow #152
Labels
bug
Warden finding
duplicate
Another warden found this issue
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Comments
frank-beard
added
the
sponsor acknowledged
|
Agree with finding |
|
Duplicate of #135 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
0xRajeev
Vulnerability details
Impact
Using unchecked{} where the underlying arithmetic can be determined to not overflow/underflow will save gas from skipping the built-in Solidity checks of compiler version >= 0.8.0.
Example 1: based on the control flow, we can determine that lastFee will always be less than block.timestamp and therefore we can use unchecked{} for their subtraction on Basket:L116 because there is no risk of underflow.
Example 2: Given the mints, we can be assured that totalSupply() >= startSupply and therefore the RHS on L124 will be <= ibRatio and therefore we can use unchecked{} for the calculation.
Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L116
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L124
Tools Used
Manual Analysis
Recommended Mitigation Steps
Use unchecked{} where the underlying arithmetic can be determined to not overflow/underflow
The text was updated successfully, but these errors were encountered: