Category: Coding Mistakes
Performing duplicate checks within the same range of update length
Impact: Informational
Severity: Informational
Likelihood: N/A
Description
The verifyUpdate function validates the update length to reject inputs that are too short. However, it checks the length twice over the same range, and the duplicate check results in unnecessary gas costs.
// PythLazer.sol::verifyUpdate()
function verifyUpdate(
    bytes calldata update
) external payable returns (bytes calldata payload, address signer) {
    // [...]
    if (update.length < 71) {
        revert("input too short");
    }
    // [...]
    uint16 payload_len = uint16(bytes2(update[69:71]));
    if (update.length < 71 + payload_len) {
        revert("input too short");
    }
    // [...]
}
Impact
While this does not constitute a security vulnerability, it may lead to users incurring higher gas fees.
Recommendations
It is recommended to remove the following code snippet, which duplicates the length check over the same range.
// PythLazer.sol::verifyUpdate()
function verifyUpdate(
bytes calldata update
) external payable returns (bytes calldata payload, address signer) {
// [...]
- if (update.length < 71) {
- revert("input too short");
- }
// [...]
}
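Review bot: Removing the `if (update.length < 71)` guard changes how a too-short input fails, and the recommendation should say so. In the snippet under Description, `update[69:71]` is read before the remaining `update.length < 71 + payload_len` check, so an update shorter than 71 bytes would revert at the calldata slice's bounds check rather than with the "input too short" reason. Any code elided under `// [...]` that slices `update` before that point behaves the same way. Suggest stating this in the recommendation and confirming that no caller or test depends on the reason string for that case before the guard is dropped.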