Omniscia Gravita Protocol Audit
ReentrancyGuardUpgradeable Code Style Findings
RGU-01C: Inefficient Reentrancy Guard Implementation
Type | Severity | Location |
---|---|---|
Gas Optimization | | ReentrancyGuardUpgradeable.sol:L40-L44, L48-L50 |
Description:
The `ReentrancyGuardUpgradeable` implementation present in the Gravita Protocol codebase is an outdated OpenZeppelin version modified to not use the `Initializable` dependency. Because it is outdated, it is inefficient.
Example:
contracts/Dependencies/ReentrancyGuardUpgradeable.sol
```solidity
32 /**
33  * @dev Prevents a contract from calling itself, directly or indirectly.
34  * Calling a `nonReentrant` function from another `nonReentrant`
35  * function is not supported. It is possible to prevent this from happening
36  * by making the `nonReentrant` function external, and making it call a
37  * `private` function that does the actual work.
38  */
39 modifier nonReentrant() {
40     // On the first call to nonReentrant, _notEntered will be true
41     require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
42
43     // Any calls to nonReentrant after this point will fail
44     _status = _ENTERED;
45
46     _;
47
48     // By storing the original value once again, a refund is triggered (see
49     // https://eips.ethereum.org/EIPS/eip-2200)
50     _status = _NOT_ENTERED;
51 }
```
Recommendation:
We advise replicating here the internal function paradigm that the latest version of `ReentrancyGuardUpgradeable` applies in OpenZeppelin, significantly optimizing the gas cost of the `ReentrancyGuardUpgradeable::nonReentrant` modifier.
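A sketch of the internal function paradigm the recommendation refers to, added here as an illustration; it is not the Gravita code and not a verbatim copy of OpenZeppelin's contract. The contract names, `_initReentrancyGuard` and the sample vault are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Only nonReentrant, _status, _NOT_ENTERED and _ENTERED
// come from the audited snippet; every other name is an assumption.
abstract contract ReentrancyGuardSketch {
    uint256 private constant _NOT_ENTERED = 1;
    uint256 private constant _ENTERED = 2;
    uint256 private _status;

    // Hypothetical initialiser (no Initializable dependency). An unset slot
    // holds 0, which also passes the `!= _ENTERED` check below.
    function _initReentrancyGuard() internal {
        _status = _NOT_ENTERED;
    }

    // A modifier body is inlined into every function that uses it, so it is
    // kept to two calls; the guard logic exists once in the bytecode.
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
        _status = _ENTERED; // nested nonReentrant calls now revert
    }

    function _nonReentrantAfter() private {
        _status = _NOT_ENTERED; // restore the original value
    }
}

// Constructed consumer: each guarded function reuses the same private helpers.
contract VaultSketch is ReentrancyGuardSketch {
    mapping(address => uint256) public balances;

    constructor() {
        _initReentrancyGuard();
    }

    function deposit() external payable nonReentrant {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        balances[msg.sender] -= amount; // reverts on underflow in 0.8.x
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```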
Alleviation:
The `ReentrancyGuardUpgradeable` contract has been removed from the codebase in favour of using the actual `ReentrancyGuardUpgradeable` dependency of OpenZeppelin as a result of this exhibit. As such, we consider this exhibit addressed.