Analysis2023-07-17
3 Minutes Read
MetaTrust Labs
In this analysis, we will examine one of the core contracts of iZiFinance and identify a simple way to reduce gas consumption by eliminating a redundant expression.
iZiFinance is a decentralized finance protocol that leverages zkSync, a layer-2 scaling solution for Ethereum. zkSync enables fast and low-cost transactions on Ethereum, while preserving the security and composability of the layer-1 network. However, gas optimization is still an important aspect of smart contract development on zkSync, as it affects the performance and profitability of the protocol.
In this analysis, we will examine one of the core contracts of iZiFinance, iZiSwapPool.sol, and identify a simple way to reduce gas consumption by eliminating a redundant expression.
The iZiSwapPool contract implements the logic of liquidity pools and token swaps on iZiFinance. It conforms to the IiZiSwapPool interface, which defines the functions and events of the contract. One of the functions is modifyFeeChargePercent, which allows the owner of the contract (the factory) to adjust the fee charge percent for each pool. The fee charge percent is a parameter that determines the distribution of the swap fee between the liquidity providers and the protocol.
The code of the modifyFeeChargePercent function is as follows: The function accepts a uint24 argument called newFeeChargePercent, which represents the new fee charge percent to be set. It also has some modifiers and requires statements to ensure that only the owner can invoke the function and that the newFeeChargePercent is valid.
This contract code is written in Solidity and represents a function that modifies a fee charge percent. It seems to have been designed in a secure manner, considering the restrictions applied before making the actual modification (lines 534-536).
However, line 535 require(newFeeChargePercent >= 0, "FP0"); is indeed unnecessary. This is due to the fact that in Solidity, the uint (unsigned integer) data type cannot be negative. uint24 is an unsigned integer type that ranges from 0 to 2^24 - 1. Hence, checking if the newFeeChargePercent is greater than or equal to 0 is tautological, because by definition, an unsigned integer cannot be less than 0.
Therefore, this line constitutes a tautology and can be safely removed without affecting the functionality of the code or introducing any security vulnerabilities. The line immediately after it, require(newFeeChargePercent <= 100, "FP0");, is enough to ensure that the newFeeChargePercent is within the desired range (0-100).
We also found some centralized risks that could compromise the security and trustlessness of the protocol.
Here are 10 security tips for iZiFinance to take into consideration to better protect on-chain assets for users.
These risks stem from the fact that the contract owner may have excessive control over the parameters and functions of the contract, which could allow them to manipulate the protocol or harm the users. We hope that this article has provided some useful insights and security suggestions for improving the smart contract of iZiFinance.
About Us
At MetaTrust, our primary focus is on creating a secure infrastructure that caters to the needs of developers in the WEB 3.0 space. We offer an array of AI-Driven automation tools and security services to assist Web3 developers and project stakeholders in achieving a secure development environment.
Website || Twitter || MetaScan for FREE
MetaTrust Labs
In this analysis, we will examine one of the core contracts of iZiFinance and identify a simple way to reduce gas consumption by eliminating a redundant expression.