code4rena-2022-08-nounsdao-g18
[G‑18] Using private rather than public for constants, saves gas
Summary
If the getter of a constant variable is not actually used, the constant can be declared private. Changing it to private saves gas at deployment.
Keyword
gas optimization, deploy, constant
Vulnerability
- contracts/base/ERC721Checkpointable.sol#L41
- contracts/governance/NounsDAOLogicV1.sol#L67
- contracts/governance/NounsDAOLogicV2.sol#L59
File: contracts/base/ERC721Checkpointable.sol
41: uint8 public constant decimals = 0;
59 bytes32 public constant DOMAIN_TYPEHASH =
60: keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');
63 bytes32 public constant DELEGATION_TYPEHASH =
64: keccak256('Delegation(address delegatee,uint256 nonce,uint256 expiry)');
File: contracts/governance/NounsDAOLogicV1.sol
67: string public constant name = 'Nouns DAO';
70: uint256 public constant MIN_PROPOSAL_THRESHOLD_BPS = 1; // 1 basis point or 0.01%
73: uint256 public constant MAX_PROPOSAL_THRESHOLD_BPS = 1_000; // 1,000 basis points or 10%
76: uint256 public constant MIN_VOTING_PERIOD = 5_760; // About 24 hours
79: uint256 public constant MAX_VOTING_PERIOD = 80_640; // About 2 weeks
82: uint256 public constant MIN_VOTING_DELAY = 1;
85: uint256 public constant MAX_VOTING_DELAY = 40_320; // About 1 week
88: uint256 public constant MIN_QUORUM_VOTES_BPS = 200; // 200 basis points or 2%
91: uint256 public constant MAX_QUORUM_VOTES_BPS = 2_000; // 2,000 basis points or 20%
94: uint256 public constant proposalMaxOperations = 10; // 10 actions
97 bytes32 public constant DOMAIN_TYPEHASH =
98: keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');
101: bytes32 public constant BALLOT_TYPEHASH = keccak256('Ballot(uint256 proposalId,uint8 support)');
File: contracts/governance/NounsDAOLogicV2.sol
59: string public constant name = 'Nouns DAO';
62: uint256 public constant MIN_PROPOSAL_THRESHOLD_BPS = 1; // 1 basis point or 0.01%
65: uint256 public constant MAX_PROPOSAL_THRESHOLD_BPS = 1_000; // 1,000 basis points or 10%
68: uint256 public constant MIN_VOTING_PERIOD = 5_760; // About 24 hours
71: uint256 public constant MAX_VOTING_PERIOD = 80_640; // About 2 weeks
74: uint256 public constant MIN_VOTING_DELAY = 1;
77: uint256 public constant MAX_VOTING_DELAY = 40_320; // About 1 week
80: uint256 public constant MIN_QUORUM_VOTES_BPS_LOWER_BOUND = 200; // 200 basis points or 2%
83: uint256 public constant MIN_QUORUM_VOTES_BPS_UPPER_BOUND = 2_000; // 2,000 basis points or 20%
86: uint256 public constant MAX_QUORUM_VOTES_BPS_UPPER_BOUND = 6_000; // 4,000 basis points or 60%
89: uint256 public constant MAX_QUORUM_VOTES_BPS = 2_000; // 2,000 basis points or 20%
92: uint256 public constant proposalMaxOperations = 10; // 10 actions
95: uint256 public constant MAX_REFUND_PRIORITY_FEE = 2 gwei;
98: uint256 public constant REFUND_BASE_GAS = 36000;
101 bytes32 public constant DOMAIN_TYPEHASH =
102: keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');
105: bytes32 public constant BALLOT_TYPEHASH = keccak256('Ballot(uint256 proposalId,uint8 support)');
Constants do not really need a getter, so they do not have to be declared public. Anyone who wants the value can read the source code, and if a getter is truly needed, a single getter function that returns the constants together can be written.
This saves gas at deployment.
Impact
Gas is wasted when the contract is deployed.
Mitigation
Declare the constant variables as private.
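To find every declaration this finding applies to before changing visibility, the following scanner lists `public constant` state variables with their line ranges, including declarations that span two lines like `DOMAIN_TYPEHASH` in the listing above. It is an added example, not part of the report or the Nouns DAO code base; it is a regex heuristic rather than a full Solidity parser, and `find_public_constants` and the sample contract are constructed for illustration.

```python
import re

# Constructed sample in the style of the listing above; not the project's files.
SAMPLE = """\
contract Example {
    uint8 public constant decimals = 0;
    // uint256 public constant COMMENTED_OUT = 1;
    bytes32 public constant DOMAIN_TYPEHASH =
        keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');
    uint256 private constant MIN_VOTING_DELAY = 1;
    uint256 constant public REFUND_BASE_GAS = 36000; /* modifier order swapped */
    uint256 public votingDelay;
    string public constant name = 'public constant x = 1;';
}
"""

# Comments and string literals, blanked first so their contents cannot match.
_STRIP = re.compile(
    r"//[^\n]*|/\*.*?\*/"
    r"|'(?:\\.|[^'\\\n])*'"
    r'|"(?:\\.|[^"\\\n])*"',
    re.S,
)

# <type> <visibility/mutability keywords> <name> =
_DECL = re.compile(
    r"^[ \t]*(?P<type>[A-Za-z_]\w*(?:\[\w*\])*)"
    r"(?P<mods>(?:\s+(?:public|private|internal|constant|immutable))+)"
    r"\s+(?P<name>[A-Za-z_$][\w$]*)\s*=",
    re.M,
)

def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay aligned.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_public_constants(source):
    """Return (name, first_line, last_line) per `public constant` state variable."""
    text = _STRIP.sub(_blank, source)
    hits = []
    for m in _DECL.finditer(text):
        mods = m.group("mods").split()
        if "public" in mods and "constant" in mods:
            end = text.find(";", m.end())
            end = m.end() if end == -1 else end
            first = text.count("\n", 0, m.start("type")) + 1
            hits.append((m.group("name"), first, text.count("\n", 0, end) + 1))
    return hits
```

Each hit is a getter that disappears from the contract's external interface once the constant is made private, so check whether anything outside the contract calls it before applying the change.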
tags: bughunting, nouns dao, smart contract, solidity, gas optimization, solidity constant, severity gas