Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Use of deprecated SafeMath library in `FjordAuction.sol` contract leads to unnecessary gas costs and potential maintenance issues

guirewire

Summary:

The FjordAuction.sol contract uses the deprecated SafeMath library from OpenZeppelin, despite being written for Solidity version 0.8.21. This results in redundant checks, increased gas costs, and potential maintenance challenges.

Vulnerability Details:

The FjordAuction.sol contract imports and uses the SafeMath library, which has been deprecated since OpenZeppelin Contracts v4.0 and removed in v5.0. Solidity 0.8.0 and later versions include built-in overflow checks for arithmetic operations, making SafeMath redundant. The continued use of SafeMath indicates that the contract is relying on outdated dependencies and not leveraging the latest language features.

Affected code:

import { SafeMath } from "@openzeppelin-contracts/contracts/utils/math/SafeMath.sol";
contract FjordAuction {
using SafeMath for uint256;
// ... (other contract code)
function bid(uint256 amount) external {
// ...
bids[msg.sender] = bids[msg.sender].add(amount);
totalBids = totalBids.add(amount);
// ...
}
function unbid(uint256 amount) external {
// ...
bids[msg.sender] = bids[msg.sender].sub(amount);
totalBids = totalBids.sub(amount);
// ...
}
// ... (other functions using SafeMath)
}

Impact:

  • Increased gas costs due to redundant checks in SafeMath operations

  • Potential maintenance issues and complications in future upgrades

  • Reduced code readability and potential confusion for other developers

  • Possible compatibility issues with newer libraries or contracts

While this doesn't directly break functionality or put funds at immediate risk, it represents a significant inefficiency and potential long-term maintainability issue.

Tools Used:

Manual review, Solidity compiler version check

Recommended Mitigation:

  • Remove the import of the SafeMath library.

  • Remove SafeMath for uint256; statement.

  • Replace SafeMath function calls with standard arithmetic operations.

Example of mitigated code:

- import { SafeMath } from "@openzeppelin-contracts/contracts/utils/math/SafeMath.sol";
contract FjordAuction {
- using SafeMath for uint256;
// ... (other contract code)
function bid(uint256 amount) external {
// ...
- bids[msg.sender] = bids[msg.sender].add(amount);
- totalBids = totalBids.add(amount);
+ bids[msg.sender] += amount;
+ totalBids += amount;
// ...
}
function unbid(uint256 amount) external {
// ...
- bids[msg.sender] = bids[msg.sender].sub(amount);
- totalBids = totalBids.sub(amount);
+ bids[msg.sender] -= amount;
+ totalBids -= amount;
// ...
}
// ... (update other functions similarly)
}

By implementing these changes, the FjordAuction.sol contract will benefit from improved gas efficiency, better maintainability, and alignment with current best practices in Solidity development.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.