Root + Impact
Description
The contract implements a consistent pattern of using custom errors throughout most functions to optimize gas costs and improve error handling efficiency. The normal behavior should maintain this pattern across all error conditions to provide predictable gas costs and consistent developer experience. However, the emergencyWithdrawERC20() function uses a string-based revert statement instead of custom errors, breaking this established pattern and unnecessarily increasing gas costs for users when the revert condition is triggered.
Risk
Likelihood:
Contract owners will attempt to withdraw core protocol tokens through the emergency function during operational procedures
The revert condition will be triggered whenever emergency withdrawals are attempted on protected tokens (wETH, wBTC, wSOL, USDC)
Administrative operations requiring multiple attempts will compound the gas cost inefficiency
Impact:
Users pay approximately 2,300 additional gas per revert compared to custom errors
Code maintenance becomes more complex due to inconsistent error handling patterns
Developer experience suffers from unpredictable error formats across contract functions
Proof of Concept
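```solidity
// Current implementation (excerpt): the guard reverts with a string message
function emergencyWithdrawERC20(address _tokenAddress, uint256 _amount, address _to) external onlyOwner {
    if (
        _tokenAddress == address(iWETH) || _tokenAddress == address(iWBTC) ||
        _tokenAddress == address(iWSOL) || _tokenAddress == address(iUSDC)
    ) {
        revert("Cannot withdraw core order book tokens via emergency function");
    }
    // ... rest of function implementation
}

// Minimal contract for comparing the two revert styles
contract GasCostTest {
    error CannotWithdrawCoreTokens();

    // String-based revert, as used in emergencyWithdrawERC20()
    function testStringRevert() external pure {
        revert("Cannot withdraw core order book tokens via emergency function");
    }

    // Custom error, as used elsewhere in the contract
    function testCustomError() external pure {
        revert CannotWithdrawCoreTokens();
    }
}
```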
Recommended Mitigation
Define and implement a custom error to maintain consistency and reduce gas costs:
```solidity
// Add to contract error definitions
error CannotWithdrawCoreTokens();

// Replace string revert with custom error
function emergencyWithdrawERC20(address _tokenAddress, uint256 _amount, address _to) external onlyOwner {
    if (
        _tokenAddress == address(iWETH) || _tokenAddress == address(iWBTC) ||
        _tokenAddress == address(iWSOL) || _tokenAddress == address(iUSDC)
    ) {
        revert CannotWithdrawCoreTokens();
    }
    // ... rest of function implementation
}
```
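A Foundry test that measures the comparison set up in the proof of concept, added here as an example and not part of the original submission or the audited code base. `RevertStyleHarness`, its function names and the `CORE` placeholder address are assumptions; the test checks the revert payload each style returns and logs the gas of each path so the difference can be measured under your own compiler settings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, console2} from "forge-std/Test.sol";

// Hypothetical harness, not the audited contract: one guard, two revert styles.
contract RevertStyleHarness {
    error CannotWithdrawCoreTokens();
    address public immutable coreToken; // stands in for iWETH / iWBTC / iWSOL / iUSDC

    constructor(address _coreToken) { coreToken = _coreToken; }

    function guardString(address _token) external view {
        if (_token == coreToken) {
            revert("Cannot withdraw core order book tokens via emergency function");
        }
    }

    function guardCustom(address _token) external view {
        if (_token == coreToken) revert CannotWithdrawCoreTokens();
    }
}

contract RevertStyleGasTest is Test {
    address constant CORE = address(0xC0DE); // constructed placeholder address
    RevertStyleHarness harness;

    function setUp() public { harness = new RevertStyleHarness(CORE); }

    // Gas consumed by one reverting call, plus the raw revert payload.
    function _measure(bytes4 sel) internal returns (uint256 used, bytes memory ret) {
        bytes memory data = abi.encodeWithSelector(sel, CORE);
        uint256 start = gasleft();
        (bool ok, bytes memory out) = address(harness).call(data);
        used = start - gasleft();
        assertFalse(ok, "guard must revert for a core token");
        ret = out;
    }

    function test_revertPayloadAndGas() public {
        _measure(RevertStyleHarness.guardCustom.selector); // warm-up: later calls hit a warm account
        (uint256 gStr, bytes memory rStr) = _measure(RevertStyleHarness.guardString.selector);
        (uint256 gErr, bytes memory rErr) = _measure(RevertStyleHarness.guardCustom.selector);
        assertEq(rErr, abi.encodeWithSelector(RevertStyleHarness.CannotWithdrawCoreTokens.selector));
        assertEq(rStr.length, 132); // Error(string): 4 selector + 32 offset + 32 length + 64 padded text
        console2.log("string revert gas:", gStr);
        console2.log("custom error gas: ", gErr);
    }
}
```

Run with `forge test -vv` to see the logged gas values.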