Submission Details
Severity: gas

Library Embedded vs Linked

Summary

The OracleLib.sol library uses public functions, so it will be deployed as a linked library, but there is no need for this.

Vulnerability Details

A library with public functions results in a linked library, whereas a library with only internal functions is embedded in the contract that consumes it. As written, OracleLib.sol results in a library deployed at its own address, and calls to it go through `delegatecall`. The library is used in only one contract and does not appear to have functionality that can be reused in other projects, especially considering its hardcoded TIMEOUT, so there is little benefit in making it a linked library.

Impact

Gas Savings: The use of `delegatecall` by a linked library implies extra costs. Although linked libraries save on deployment costs because they are reused from one deployed address, they make contract operations more costly due to `delegatecall`. It is important to put users first and save on gas costs for all operations in smart contracts.

Tools Used

Manual Analysis

Recommendations

Make all functions in the library internal so that it is embedded instead of linked. Embedding will increase deployment costs, but that is better than increasing user costs.
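The recommended change, sketched as an added example (this is not the project's OracleLib.sol): the same staleness check written once with a `public` function and once with an `internal` one. The interface `IPriceFeed`, the library, contract and function names, and the `TIMEOUT` value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal price-feed interface so this file compiles on its own.
interface IPriceFeed {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// BEFORE: a public function makes this a linked library. It is deployed at its
// own address and every call from a consumer goes through DELEGATECALL.
library LinkedStaleCheck {
    uint256 private constant TIMEOUT = 1 hours; // constructed value

    error StalePrice();

    function checkedPrice(IPriceFeed feed) public view returns (int256 answer) {
        uint256 updatedAt;
        (, answer,, updatedAt,) = feed.latestRoundData();
        if (block.timestamp - updatedAt > TIMEOUT) revert StalePrice();
    }
}

// AFTER: identical logic, internal visibility. The compiler copies the code
// into the consuming contract's bytecode; no separate deployment or linking.
library EmbeddedStaleCheck {
    uint256 private constant TIMEOUT = 1 hours; // constructed value

    error StalePrice();

    function checkedPrice(IPriceFeed feed) internal view returns (int256 answer) {
        uint256 updatedAt;
        (, answer,, updatedAt,) = feed.latestRoundData();
        if (block.timestamp - updatedAt > TIMEOUT) revert StalePrice();
    }
}

// Hypothetical consumer. The call below is an internal jump, so the only
// external call left is the one to the price feed itself.
contract PriceConsumer {
    using EmbeddedStaleCheck for IPriceFeed;

    IPriceFeed private immutable i_feed;

    constructor(IPriceFeed feed) { i_feed = feed; }

    function price() external view returns (int256) { return i_feed.checkedPrice(); }
}
```

Swapping `EmbeddedStaleCheck` for `LinkedStaleCheck` in the `using` directive leaves the consumer source unchanged, but the bytecode then needs the library address linked in before deployment.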
