Lack of names imports increases gas cost due to increased byte code size
Summary
Relying on full imports is not recommended. This import method introduces unnecessary dependencies, which may increase bytecode size and lead to gas inefficiencies. Full imports can also introduce extended attack vectors by including functions that may not be necessary for the contract. In addition to expanding the attack surface, they can also pollute the namespace, potentially causing unexpected behavior.
Vulnerability Details
Upon reviewing the contracts, the following full imports were identified:
Impact
Increased gas costs due to unnecessary dependencies.
Expanded attack surface, increasing potential security risks.
Recommendations
Use named imports to include only the necessary components:
This approach enhances security, reduces bytecode size, and optimizes gas costs.
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.