Omniscia Morpho Audit

Auth Code Style Findings

AUT-01C: Counter-Intuitive Optimization

Type	Severity	Location
Gas Optimization		Auth.sol:L32

Description:

The linked local variable is a remnant of the original solmate codebase where the authority variable is not immutable.

Example:

src/Auth.sol

31function isAuthorized(address user, bytes4 functionSig) internal view virtual returns (bool) {
32    Authority auth = authority; // Memoizing authority saves us a warm SLOAD, around 100 gas.
33
34    // Checking if the caller is the owner only after calling the authority saves gas in most cases, but be
35    // aware that this makes protected functions uncallable even to the owner if the authority is out of order.
36    return (address(auth) != address(0) && auth.canCall(user, address(this), functionSig)) || user == owner;
37}

Recommendation:

We advise the local auth variable to be removed as it increases the gas cost instead of reducing it as no SLOAD is performed for authority.

Alleviation:

The Morpho team heeded our recommendation and revamped the original Solmate codebase to instead reflect access control calls to itself internally, significantly optimizing the gas cost of the contract.

Omniscia Morpho Audit

Auth Code Style Findings

Auth Code Style Findings

AUT-01C: Counter-Intuitive Optimization

Description:

Example:

Recommendation:

Alleviation:

Token.sol (TOK-M)

Token.sol (TOK-C)

On this page