Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

[L-2] Inefficient Use of the `Ownable` Contract

Summary

The contract inherits OpenZeppelin's `Ownable`, but uses it in exactly one place: `buyOrder` forwards the protocol fee to `owner()`. None of the functionality that `Ownable` brings along (the `onlyOwner` modifier, `transferOwnership`, `renounceOwnership`) is used anywhere else. Compiling the whole contract into the bytecode for a single address lookup adds deployment cost that an immutable owner variable set in the constructor would avoid.

Vulnerability Details

Inheriting `Ownable` does not deploy a separate contract, but it does compile `owner()`, `transferOwnership()` and `renounceOwnership()` into this contract's bytecode, and every call to `owner()` costs a storage read (`SLOAD`) of the `_owner` slot. An `immutable` owner address initialised in the constructor is inlined into the bytecode instead, so it is cheaper both at deployment and in `buyOrder`. The trade-off is that an immutable owner can never be changed: if the deployer key is lost or compromised, the fee recipient is fixed for the life of the contract. The optimisation is therefore only appropriate if the protocol has no need to rotate or renounce ownership.

Suggested Improvement:

Instead of inheriting `Ownable` (the `is Ownable` clause on the contract declaration is removed as well), the contract can define an immutable owner variable; marking it `public` keeps the `owner()` getter that `Ownable` used to provide:

+ address public immutable owner;
- constructor() Ownable(msg.sender) {}
+ constructor() {
+     owner = msg.sender;
+ }

In `buyOrder`, the fee transfer then reads the immutable directly instead of calling `owner()`:

(bool taxSuccess, ) = payable(owner).call{value: fee}("");

This removes the dependency on the `Ownable` contract, reduces deployment gas, and replaces the storage read in `buyOrder` with a value inlined into the bytecode. The return value of the low-level call must still be checked, as the existing code does with `taxSuccess`.
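The finding's two claims (smaller bytecode, same behaviour) are cheap to verify rather than assert. The following is an added example, not code from Pieces Protocol or from this submission: it puts a minimal `Ownable`-based fee sink next to the immutable-owner variant and a Foundry test that measures runtime code size, checks that the fee reaches the owner in both, and shows what the immutable variant gives up. It assumes OpenZeppelin Contracts v5 (whose `Ownable` constructor takes the initial owner, matching the `Ownable(msg.sender)` call above) and forge-std; the contract names, `FEE_BPS` and the 1 % fee are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not part of the Pieces Protocol code base or this submission.
// Assumes OpenZeppelin Contracts v5 and a Foundry toolchain with forge-std.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

/// Variant A: the pattern the finding describes. Inheriting Ownable compiles
/// owner(), transferOwnership() and renounceOwnership() into the bytecode.
contract FeeSinkOwnable is Ownable {
    uint256 public constant FEE_BPS = 100; // 1 %, hypothetical value

    constructor() Ownable(msg.sender) {}

    function buyOrder() external payable {
        uint256 fee = (msg.value * FEE_BPS) / 10_000;
        // owner() is a storage read of Ownable's _owner slot
        (bool taxSuccess, ) = payable(owner()).call{value: fee}("");
        require(taxSuccess, "fee transfer failed");
        // remaining order logic omitted
    }
}

/// Variant B: the finding's suggestion. One immutable address fixed at deploy time.
/// Cheaper, but ownership can never be rotated or renounced: if the deployer key is
/// lost or compromised, every future fee goes to that address forever.
contract FeeSinkImmutable {
    uint256 public constant FEE_BPS = 100;
    address public immutable owner; // `public` keeps the owner() getter

    constructor() {
        owner = msg.sender;
    }

    function buyOrder() external payable {
        uint256 fee = (msg.value * FEE_BPS) / 10_000;
        // `owner` is inlined into the bytecode, no SLOAD
        (bool taxSuccess, ) = payable(owner).call{value: fee}("");
        require(taxSuccess, "fee transfer failed");
    }
}

/// Foundry tests that check the finding's claims instead of taking them on faith.
contract FeeSinkTest is Test {
    address deployer = makeAddr("deployer");
    address buyer = makeAddr("buyer");

    function _deployBoth() internal returns (FeeSinkOwnable a, FeeSinkImmutable b) {
        vm.startPrank(deployer);
        a = new FeeSinkOwnable();
        b = new FeeSinkImmutable();
        vm.stopPrank();
    }

    function test_ImmutableVariantHasSmallerRuntimeCode() public {
        (FeeSinkOwnable a, FeeSinkImmutable b) = _deployBoth();
        // Deployment gas scales with runtime bytecode size (200 gas per byte stored).
        emit log_named_uint("Ownable runtime bytes", address(a).code.length);
        emit log_named_uint("immutable runtime bytes", address(b).code.length);
        assertLt(address(b).code.length, address(a).code.length);
    }

    function test_FeeReachesOwnerInBothVariants() public {
        (FeeSinkOwnable a, FeeSinkImmutable b) = _deployBoth();
        vm.deal(buyer, 2 ether);
        vm.startPrank(buyer);
        a.buyOrder{value: 1 ether}();
        b.buyOrder{value: 1 ether}();
        vm.stopPrank();

        // 1 % of 1 ether from each contract lands with the deployer
        assertEq(deployer.balance, 0.02 ether);
        assertEq(a.owner(), deployer);
        assertEq(b.owner(), deployer);
    }

    function test_OnlyOwnableVariantCanRotateOwner() public {
        (FeeSinkOwnable a, ) = _deployBoth();
        address newOwner = makeAddr("newOwner");
        vm.prank(deployer);
        a.transferOwnership(newOwner);
        assertEq(a.owner(), newOwner);
        // FeeSinkImmutable has no equivalent: the address is baked into the bytecode.
    }
}
```

Run with `forge test -vv` to see the two logged bytecode sizes; `forge test --gas-report` gives the per-function cost of `buyOrder` in each variant, which is the number to quote if this optimisation is resubmitted.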

Impact

  • Gas Optimization: Reduces deployment cost by not compiling `Ownable`'s functions into the bytecode, and reduces the cost of `buyOrder` by replacing the `owner()` storage read with an inlined immutable.

  • Transparency: Unchanged rather than improved. `Ownable` already exposes `owner()` as a public view function, so the replacement variable must be declared `public` (or given a getter) merely to keep parity.

  • Code Simplicity: Removes inheritance that is never used for access control, at the cost of losing the ability to transfer or renounce ownership.

Tools Used

  • Manual code review

  • Solidity static analysis tools

Recommendations

  1. Remove Ownable Dependency: Replace it with an immutable owner variable, but only after confirming that the protocol never needs to transfer or renounce ownership, since an immutable cannot be rotated after a key compromise.

  2. Provide Public Getter: Declare the variable `public` (or add an explicit `owner()` function) so external users keep the same visibility `Ownable` provided.

  3. Measure the Saving: Compare the runtime bytecode size and deployment gas of both variants (for example with `forge inspect <Contract> bytecode` and `forge test --gas-report`) before accepting the change, so the optimisation is backed by numbers rather than asserted.

Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
