First Flight #1: PasswordStore

Summary

The function on line 26 (setPassword) can be optimized further to make it gas efficient in the long run.

In setPassword function, we are directly assigning the new password without checking if it is the same as the current one. If the password is the same, then this operation becomes unnecessary and consumes gas.

Vulnerability Details

It can be avoided if we set a condition to check if previous password and new password are same or different. Our goal is to not modify the s_password variable, if the old and new password are the same.

Impact

Since this function doesn't check if the new password is same or different than the previous one, at times its could write the same password on storage again and again, costing more gas than necessary.

I tested for two cases, 1 with the function as is, and another with a condition for checking if they are same or different. This is the result:

I checked for password '321'.

From here we can see, adding a check cost us 1,228 more gas when calling for the first time. But, this check saved us 602 gas for every subsequent calls (when the new and old password are the same).

Tools Used

Checked gas cost and estimated value from testing the code, with different values and lines of code, on remix.ethereum.org.

Recommendations

We can add a condition to check if the new password is same or different from the current password, before assigning the value to the s_password variable.
The modified code:

Here we are checking it with if-statement. We are comparing the current password (in the s_password, if any) with the one (newPassword) we got as input value. If the passwords are different, then the s_password variable will be updated with the new value. Otherwise the function will not update s_password or emit the SetNetPassword event. This will save gas in the long run.