Library Embedded vs Linked
Summary
OracleLib.sol Library uses public functions hence will be linked but no need for this
Vulnerability Details
A library with public functions results in a linked library whereas library with internal functions only that is embedded in the contract consuming it. The OracleLib.sol results in a library deployed on its own address and then utilizes 'delegatecall' for function calls. The library is only used in 1 contract and does not appear like it has functionality that can be reused in other projects especially considered its hardcoded TIMEOUT so there are not much benefits to make it Linked Library
Impact
Gas Savings: The usage of delegatecall by linked library implies extra costs. Therefore although linked libraries save on deployment costs by being reused from address without need for delegatecall, they make contract operations more costly due to delegatecall. It is important to put users first and save on gas costs for all operations in smart contracts.
Tools Used
Manual Analysis
Recommendations
Make all functions in library internal so that it is embedded instead of linked. Embedded will increase deployment costs but that is better than increasing user costs.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.