Root + Impact

Description

• Normal Behavior:
  The buyPass function is called every time a user purchases a festival pass. It increments the passSupply[collectionId] variable to track the number of passes sold for each collection. Solidity increments are checked by default, which incurs a small but non-negligible gas cost.

  Issue:
  In this function, the increment is always safe because the function already checks that passSupply[collectionId] < passMaxSupply[collectionId] before incrementing. This means an overflow is impossible. Using a checked increment here is unnecessary and results in higher gas costs for every pass purchase. Wrapping the increment in an unchecked block can save gas, especially when the function is called frequently.

Risk

Likelihood:

• This code path is executed on every pass purchase, and the inefficiency is multiplied by the number of purchases.

Impact:

• The gas savings are minor per call, but can add up with many purchases and are especially relevant for high-volume mints. Over time, this can result in significant cost savings for users and the protocol.

Proof of Concept

The increment is always safe due to the preceding require. This means overflow is impossible, so the increment can be safely wrapped in an unchecked block to save gas.

Recommended Mitigation

Wrap the increment in an unchecked block to reduce gas usage in buyPass.