[Low-3] Improper Access control in `Deployer.sol`
Vulnerability Summary
The functions deployERC721Bridgeable() and deployERC1155Bridgeable() in the Depoloyer.sol library are currently marked as public. This increases gas costs due to the way DELEGATECALL is used to interact with these functions, leading to inefficiencies. Additionally, improper DELEGATECALL usage can cause unexpected behaviors in the contract.
Vulnerability Details
Solidity libraries with
externalorpublicfunctions are deployed as separate, independent contracts on the blockchain.Contracts that utilize these libraries invoke their functions using
DELEGATECALL.DELEGATECALLis more expensive in terms of gas compared to an internal function call.Libraries containing only
internalfunctions are significantly more gas-efficient during runtime.
References :
https://eip2535diamonds.substack.com/p/the-difference-between-solidity-libraries
Impact
Gas Optimization: Using
internalfunctions instead ofpublicorexternalfunctions reduces gas costs. Internal functions do not rely onDELEGATECALLand are directly invoked within the calling contract.
Recommendations
Mark both
deployERC721Bridgeable()anddeployERC1155Bridgeable()asinternal. This change will maintain the functionality while optimizing gas consumption and mitigating risks associated withDELEGATECALL.
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.