Submission Details
Impact:
Likelihood:
[M-1] High Gas Inefficiency in `briVault::setCountry()`
[M-1] High Gas Inefficiency in briVault::setCountry()
Description
The `setCountry()` function uses an inefficient loop to copy array elements individually, consuming **3,374,149 gas** vs **540,433 gas** for direct assignment.
```solidity
@> for (uint256 i = 0; i < countries.length; ++i) {
@> teams[i] = countries[i];
}
```
Risk
Likelihood:
Medium — No direct exploit, but a severe gas inefficiency that can cost hundreds of dollars per execution.
Impact:
84% gas waste** (2,833,716 excess gas per call)
On Ethereum mainnet at 50 gwei: **~$420 wasted per call**
Unnecessary burden on contract owner
Risk of hitting block gas limit with longer country names
Proof of Concept
Gas testing shows:
setCountry (loop): 3,374,149 gas
setCountryOptimized: 540,433 gas
Savings: 2,833,716 gas (84%)
place the following lines of code in your `briVault.t.sol`
```solidity
function testCompareGas() public {
string[48] memory testCountries;
for(uint i = 0; i < 48; i++) {
testCountries[i] = string(abi.encodePacked("Country", i));
}
vm.prank(owner);
briVault.setCountry(testCountries);
}
function testCompareGasOpt() public {
string[48] memory testCountries;
for(uint i = 0; i < 48; i++) {
testCountries[i] = string(abi.encodePacked("Country", i));
}
// Test original (loop version)
vm.prank(owner);
briVault.setCountry(testCountries);
// Test optimized (direct assignment)
vm.prank(owner);
briVault.setCountryOptimized(testCountries);
}
```
use this forge test prompt `forge test --mt testCompareGas --gas-report` and `forge test --mt testCompareGasOpt --gas-report` to compare the gas cost.
Recommended Mitigation
- remove this code
+ add this code
Replace loop with direct array assignment:
```diff
+ function setCountry(string[48] memory countries) public onlyOwner {
- for (uint256 i = 0; i < countries.length; ++i) {
- teams[i] = countries[i];
- }
+ teams = countries;
+ emit CountriesSet(countries);
}
```
Note this is for fixed arrays only `teams = countries;` works only for fixed-size arrays `string[48]`.
Replace the `setCountry()` function with the `setCountryOptimized()` function.
```solidity
+ function setCountryOptimized(string[48] memory countries) public onlyOwner {
+ teams = countries;
+ emit CountriesSet(countries);
}
```
Updates
Appeal created
bube 19 days ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Gas optimizations
Gas optimizations are invalid according to the CodeHawks documentation.
Rewards breakdown
nSLOC
193This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.