HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

`_owner` Variable Should Be Immutable in `WToken.sol`

Summary

The _owner variable in the WToken contract is initialized in the constructor and is never modified anywhere else in the contract. Since there is no functionality to change _owner, making the variable immutable would save gas by reducing storage costs and would improve clarity. The current implementation, a private mutable state variable, is unnecessary and introduces minor inefficiencies.

Vulnerability Details

Type: Code Optimization / Gas Inefficiency

  • Location: WToken.sol, Line (exact line depends on your file version):

    @> address private _owner;
  • Issue:

    • The _owner variable is initialized in the constructor:

      @> _owner = owner_;
    • There is no function to modify _owner after initialization.

    • This means _owner can safely be declared as immutable, which:

      • Saves gas by storing the variable directly in bytecode rather than in storage.

      • Enhances clarity for developers and auditors.

  • Problem:

    • Leaving _owner mutable implies that it could be changed in the future, leading to potential confusion for integrators or auditors.

    • Missing the opportunity to save gas costs by using the immutable keyword.

Impact

This issue has a Medium severity because it does not affect security or functionality but represents a missed opportunity for optimization and clarity.


Tools Used

The following tools and techniques were used to identify and analyze the issue:

  • Static Code Review: Manual inspection of the _owner variable and related functions.

  • Solidity Compiler (v0.8.26): Verified the impact of making _owner immutable.


Recommendations

  1. Change _owner to immutable: Update the _owner declaration to include the immutable keyword:

    - address private _owner;
    + address private immutable _owner;
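    Review bot: on the `+` line, once `_owner` is `immutable` the value passed as `owner_` is fixed in the deployed code, and the constructor shown in this submission assigns `_owner = owner_` without validating it. Consider adding a check such as `require(owner_ != address(0));` in the constructor so a mistaken deployment fails instead of producing a token with an unusable owner.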
  2. Update the Constructor: Since the immutable keyword requires initialization in the constructor, ensure _owner is set during deployment:

    constructor(string memory symbol_, uint8 decimals_, address owner_) ERC20(symbol_, symbol_) {
        _owner = owner_; // Immutable initialization
        _decimals = decimals_;
    }
  3. Document the Change: Include a note in the documentation to highlight the optimization and clarify that _owner is immutable and cannot be changed after deployment.


Example Implementation

Here is the updated version of the relevant portions of the contract:

address private immutable _owner; // Owner made immutable

constructor(string memory symbol_, uint8 decimals_, address owner_) ERC20(symbol_, symbol_) {
    _owner = owner_; // Immutable initialization
    _decimals = decimals_;
}

This ensures the _owner is immutable, stored in bytecode rather than storage, saving gas and enhancing clarity.


Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
