Unnecessary Computation in Hashing Function Leading to Gas Overhead
Summary
Vulnerability Details
In the PriorityPool.sol::withdraw function, the hashing function uses keccak256(abi.encode(...)) to securely hash multiple input values. However, an additional step, bytes.concat(...), is unnecessarily applied before hashing. This introduces redundant operations that lead to inefficiency, specifically higher gas costs, without adding any security benefits.
The bytes.concat() function is intended to concatenate multiple byte arrays, but in this case, it is applied to the output of keccak256(abi.encode(...)), which already returns a fixed-size bytes32 hash. Concatenating a single hash is redundant and does not enhance security, but it does increase the computational steps and gas usage.
Impact
Increased Gas Costs: The use of bytes.concat() adds unnecessary computation, which leads to higher gas consumption. This impacts the scalability of the contract, especially in high-frequency transactions, causing users to pay more for gas without any benefit.
Tools Used
Manual Review
Recommendations
Remove the unnecessary bytes.concat() operation. Use keccak256(abi.encode(...)) directly to improve gas efficiency and simplify the function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.