Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Issue with Timestamp Data Types in `updateMarket` Function

GitHub

  • https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L120

Summary

The `updateMarket` function in the `SystemConfig` contract uses `uint256` data types for parameters related to timestamps and durations (`_tge` and `_settlementPeriod`). This is inefficient as these values are often much smaller and can be represented with fewer bits. Using `uint256` for such values increases gas consumption and does not leverage the potential savings from using smaller data types. The suggestion is to change these data types to `uint48`, which is more appropriate for timestamps and durations.

Vulnerability Details

In the `updateMarket` function, the `_tge` (Token Generation Event) and `_settlementPeriod` parameters are defined as `uint256`. These parameters represent timestamps or durations, which are typically small in value compared to what can be stored in a `uint256`. A `uint256` consumes 32 bytes of storage, whereas a `uint48` only consumes 6 bytes, which is more than sufficient for representing Unix timestamps and durations within a reasonable range.

Impact

Using `uint256` for timestamps and durations unnecessarily increases gas costs. Storage and operations on `uint256` are more expensive than on smaller integer types. Storing timestamps and durations in `uint256` wastes storage space, which could be optimized by using smaller data types. While `uint256` is large enough to avoid overflow in most practical scenarios, using a smaller data type like `uint48` better matches the expected range of these values and helps prevent potential issues related to data handling.

Tools Used

Manual Review

Recommendations

Update the `_tge` and `_settlementPeriod` parameters from `uint256` to `uint48` to better reflect their intended use and reduce gas consumption.
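
The 32-byte versus 6-byte comparison above, worked through as an added example (not part of the submission or the Tadle code base): a small Python model of Solidity's storage packing rule for elementary value types. The struct fields, their order, and the helper names are assumptions made for illustration.

```python
import re

SLOT_BYTES = 32  # one EVM storage slot

def type_size(sol_type):
    """Size in bytes of an elementary Solidity value type."""
    if sol_type == "bool":
        return 1
    if sol_type == "address":
        return 20
    m = re.fullmatch(r"u?int(\d*)", sol_type)
    if not m:
        raise ValueError(f"unsupported type: {sol_type}")
    bits = int(m.group(1) or 256)  # bare uint/int means 256 bits
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError(f"invalid width: {sol_type}")
    return bits // 8

def layout(fields):
    """Place fields in declaration order; returns [(name, slot, byte_offset)]."""
    slot, offset, placed = 0, 0, []
    for name, sol_type in fields:
        size = type_size(sol_type)
        if offset + size > SLOT_BYTES:  # does not fit: start the next slot
            slot, offset = slot + 1, 0
        placed.append((name, slot, offset))
        offset += size
    return placed

def slots_used(fields):
    placed = layout(fields)
    return placed[-1][1] + 1 if placed else 0

def fits_unsigned(bits, value):
    """Bounds check to apply before narrowing a value to uint<bits>."""
    return 0 <= value < 2 ** bits

# Constructed field lists (hypothetical struct, not Tadle's actual layout).
BEFORE = [("token", "address"), ("tokenPerPoint", "uint256"),
          ("tge", "uint256"), ("settlementPeriod", "uint256")]
NARROWED = [("token", "address"), ("tokenPerPoint", "uint256"),
            ("tge", "uint48"), ("settlementPeriod", "uint48")]
REORDERED = [("token", "address"), ("tge", "uint48"),
             ("settlementPeriod", "uint48"), ("tokenPerPoint", "uint256")]

if __name__ == "__main__":
    for label, fields in (("before", BEFORE), ("narrowed", NARROWED),
                          ("reordered", REORDERED)):
        print(label, slots_used(fields), layout(fields))
    print("2024 timestamp fits uint48:", fits_unsigned(48, 1_724_000_000))
```

The model covers storage only; arguments to an external function are ABI-encoded as 32-byte words whatever their declared width.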

Updates

Lead Judging Commences
0xnevi (Lead Judge), 11 months ago

Submission Judgement Published
0xnevi (Lead Judge), 10 months ago
Invalidated
Reason: Non-acceptable severity
