Contract Size Limit Exceeded in Multiple Contracts
Summary
The LendingPool, StabilityPool, RAACPrimeRateOracle contract exceeds the maximum allowed bytecode size during deployment, leading to a "trying to deploy a contract whose code is too large" error. This prevents deployment and indicates excessive code complexity, unnecessary logic, or bloated contract size.
POC
Vulnerability Details
Ethereum imposes a 24 KB (24576 bytes) limit on smart contract bytecode size. If a contract surpasses this, it cannot be deployed. The LendingPool contract exceeds this limit due to:
Too many functions or logic blocks in a single contract.
Large inline calculations or redundant code instead of modularizing logic.
Unused variables or complex data structures that increase contract size.
Overuse of inline assembly or repeated storage operations.
Impact
Deployment Fails: The contract cannot be deployed, blocking upgrades or new implementations.
Increased Gas Costs: Even if optimized, a large contract increases gas consumption.
Tools Used
Hardhat
Recommendations
Modularize Contract Logic: Break LendingPool into smaller contracts using proxies or libraries.
Remove Redundant Code: Identify and eliminate unused functions or unnecessary storage operations.
Use Solidity Libraries: Extract common computations into external libraries to reduce bytecode size.
Optimize Functionality: Minimize inline calculations and reduce storage writes where possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.