In the UpliftOnlyExample contract, the setHookSwapFeePercentage function sets the hook swap fee percentage, which is charged on every swap operation. However, there is no validation or restriction check to prevent identical, redundant fee percentage updates.
I know you might say it's an admin input validation issue. However, an admin could overlook the last updated values, and since I believe it's not a very frequent function, the chances of omission are high. Therefore, it would be better to include a check to restrict redundant updates. Actually, I wanted to put this paragraph below in the recommendations section, but you might be in a hurry, so that's why I've had to put it here.
See the visuals below...
UpliftOnlyExample::setHookSwapFeePercentage:
Unnecessary Gas Consumption:
Every state change (like updating a fee value) on the Ethereum blockchain incurs a gas cost. If the fee value is updated redundantly without any check for its current state, this results in unnecessary gas consumption.
Even if the new fee value is identical to the existing one, the contract still performs a write operation to the blockchain.
Increased Transaction Costs for Users:
Redundant fee value updates will make users pay higher transaction fees. Since gas fees are proportional to the complexity and number of operations performed in a transaction, redundant updates directly lead to higher costs for users (Admin(s)) without any meaningful change in the contract’s state.
Blockchain Bloat:
Every transaction that modifies the contract’s state is recorded on the Ethereum blockchain. If redundant updates are allowed, it will lead to unnecessary state changes, which will increase the size of the blockchain.
This can contribute to blockchain bloat, making the network more expensive to maintain and harder to synchronize. Over time, excessive redundant transactions could negatively impact Ethereum’s scalability and performance.
Unnecessary Event Emissions:
Emitting an event every time a fee value is updated, even when the new value is identical to the old one, can lead to unnecessary event logs.
Unnecessary event emissions contribute to blockchain bloat, as every event is stored on-chain. This could make it harder to manage and query logs later, reducing the overall efficiency of the contract.
Event Log Pollution:
Each event emitted is stored in the transaction logs on the blockchain. If redundant events are emitted, it could cause log pollution. This means there would be numerous, unnecessary logs for fee updates that haven’t actually changed.
Manual Review
Please add a check to restrict redundant and identical fee percentage updates.
Make the following updates in the code...
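One way such a check could look, as an added sketch that is not the submission's or the project's own code. Only the function name comes from the text above; the contract name, owner check, custom errors, event signature and `uint64` parameter type are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Illustrative contract, NOT the UpliftOnlyExample source.
/// Everything except the name setHookSwapFeePercentage is hypothetical.
contract FeeSetterSketch {
    address public immutable owner;          // assumed access-control model
    uint64 public hookSwapFeePercentage;     // assumed storage type

    // Assumed event shape; carrying the old value makes each log self-describing.
    event HookSwapFeePercentageChanged(uint64 oldFee, uint64 newFee);

    error NotOwner();
    error FeeUnchanged(uint64 currentFee);

    constructor(uint64 initialFee) {
        owner = msg.sender;
        hookSwapFeePercentage = initialFee;
    }

    function setHookSwapFeePercentage(uint64 newFee) external {
        if (msg.sender != owner) revert NotOwner();

        // Read storage once and reuse the cached value for the
        // comparison and for the event.
        uint64 currentFee = hookSwapFeePercentage;

        // Reject a no-op update before any write or event emission,
        // so an identical value never produces a state write or a log entry.
        if (newFee == currentFee) revert FeeUnchanged(currentFee);

        hookSwapFeePercentage = newFee;
        emit HookSwapFeePercentageChanged(currentFee, newFee);
    }
}
```

Reverting, rather than returning silently, is a design choice in this sketch: the caller sees that the submitted value matched the stored one.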
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.