Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

_lock in noRenter can be optimized to use less gas #198

Closed
code423n4 opened this issue Jan 6, 2022 · 2 comments
Closed

_lock in noRenter can be optimized to use less gas #198

code423n4 opened this issue Jan 6, 2022 · 2 comments
Labels
bug Something isn't working duplicate This issue or pull request already exists G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Handle

mtz

Vulnerability details

Impact

The noRenter modifier sets the value of the _locked variable to 1 to acquire the lock and prevent reentrancy and sets _locked to 0 to release the lock.
Instead it should use 1 for unlocked and 2 for locked since zeroing values in storage can use more gas.
This implementation of noRenter is more gas efficient:

    uint256 internal _locked = 1;
...
    modifier noReenter() {
        require(_locked == 1, "LOCKED");
        _locked = uint256(2);
        _;
        _locked = uint256(1);
    }

This is similar to OpenZeppelin's ReentrancyGuard implementation

See the rationale there for why 1 and 2 are more efficient than 0 and 1.

Proof of Concept

In my tests (code snippet below), the more efficient reentrancy guard uses 11130 less gas

pragma solidity ^0.8.0;

contract GasTest {
    uint256 internal _locked = 0;
    uint256 internal _locked2 = 1;

    modifier noReenter() {
        require(_locked == 0, "LOCKED");
        _locked = uint256(1);
        _;
        _locked = uint256(0);
    }
    function y() public noReenter returns (uint256) {
        return address(this).balance;
    }

    modifier noReenter2() {
        require(_locked2 == 1, "LOCKED");
        _locked2 = uint256(2);
        _;
        _locked2 = uint256(1);
    }
    function y2() public noReenter2 returns (uint256) {
        return address(this).balance;
    }
}

Tools Used

N/A

Recommended Mitigation Steps

Use the more efficient noRenter implementation recommended above.
@code423n4 code423n4 added bug Something isn't working G (Gas Optimization) labels Jan 6, 2022
code423n4 added a commit that referenced this issue Jan 6, 2022
@code423n4
mtz issue #198
48da178
@deluca-mike
Copy link
Collaborator

Agreed. While not always cheaper, it is cheaper in this case for batch unlocks or relocks. Will implement this.

@deluca-mike deluca-mike added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") duplicate This issue or pull request already exists labels Jan 7, 2022
@deluca-mike
Copy link
Collaborator

Duplicate #1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working duplicate This issue or pull request already exists G (Gas Optimization) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@deluca-mike @code423n4 @CloudEllie