ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Consider using OpenZeppelin's EnumerableAddressSet instead of addres[] to store collections more efficiently

0xlrivo

Summary

Consider using OpenZeppelin's EnumerableAddressSet instead of addres[] to store collections more efficiently

Vulnerability Details

Currently, supported collections, are saved in an address array.

This is especially problematic for _whiteListCollection() that need to traverse the array in order to avoid adding duplicates entries, as we can see below:

function _whiteListCollection(address collection, bool enable) internal {
if (enable && !_whiteList[collection]) {
bool toAdd = true;
uint256 i = 0;
// @audit consider using OZ EnumerableAddressSet to search for existing collections in O(1) instead O(N)
while(i < _collections.length) {
if (collection == _collections[i]) {
toAdd = false;
break;
}
i++;
}
if (toAdd) {
_collections.push(collection);
}
}
_whiteList[collection] = enable;
}

Impact

This process, in the worst case scenario, incurs O(N) runtime complexity which consumes lots of gas as N increase since SLOD are expensive operations.

Tools Used

Manual review

Recommendations

Use OpenZeppelin's EnumerableAddressSet instead of an address array to store collections which allows for inserting operations in 0(1) while checking for duplicates.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.