Gas Optimizations

[code423n4]

[S]: Suggested optimation, save a decent amount of gas without compromising readability;

[M]: Minor optimation, the amount of gas saved is minor, change when you see fit;

[N]: Non-preferred, the amount of gas saved is at cost of readability, only apply when gas saving is a top priority.

[S] ERC20.sol#transferFrom() Do not reduce approval on transferFrom if current allowance is type(uint256).max

The Wrapped Ether (WETH) ERC-20 contract has a gas optimization that does not update the allowance if it is the max uint.

The latest version of OpenZeppelin's ERC20 token contract also adopted this optimization.

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L109-L113

    function transferFrom(address owner_, address recipient_, uint256 amount_) external override returns (bool success_) {
        _approve(owner_, msg.sender, allowance[owner_][msg.sender] - amount_);
        _transfer(owner_, recipient_, amount_);
        return true;
    }

See:

• https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.5.0/contracts/token/ERC20/ERC20.sol#L336
• Do not reduce approval on transferFrom if current allowance is type(uint256).max OpenZeppelin/openzeppelin-contracts#3085

Recommendation

Change to:

    function transferFrom(address owner_, address recipient_, uint256 amount_) external override returns (bool success_) {
        uint256 currentAllowance = allowance[owner_][msg.sender];
        if (currentAllowance != type(uint256).max) {
            _approve(owner_, msg.sender, currentAllowance - amount_);
        }

        _transfer(owner_, recipient_, amount_);
        return true;
    }

[S] Use immutable variables can save gas

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L25-L26

    string public override name;
    string public override symbol;

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L50-L54

    constructor(string memory name_, string memory symbol_, uint8 decimals_) {
        name     = name_;
        symbol   = symbol_;
        decimals = decimals_;
    }

In ERC20.sol, name and symbol will never change, use immutable variable instead of storage variable can save gas.

[M] Validation can be done earlier to save gas

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L75-L102

    function permit(address owner_, address spender_, uint256 amount_, uint256 deadline_, uint8 v_, bytes32 r_, bytes32 s_) external override {
        require(deadline_ >= block.timestamp, "ERC20:P:EXPIRED");

        // Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}.
        require(
            uint256(s_) <= uint256(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) &&
            (v_ == 27 || v_ == 28),
            "ERC20:P:MALLEABLE"
        );

        // Nonce realistically cannot overflow.
        unchecked {
            bytes32 digest = keccak256(
                abi.encodePacked(
                    "\x19\x01",
                    DOMAIN_SEPARATOR(),
                    keccak256(abi.encode(PERMIT_TYPEHASH, owner_, spender_, amount_, nonces[owner_]++, deadline_))
                )
            );

            address recoveredAddress = ecrecover(digest, v_, r_, s_);

            require(recoveredAddress == owner_ && owner_ != address(0), "ERC20:P:INVALID_SIGNATURE");
        }

        _approve(owner_, spender_, amount_);
    }

Check if owner_ != address(0) earlier can avoid unnecessary computing when this check failed.

Recommendation

Change to:

    function permit(address owner_, address spender_, uint256 amount_, uint256 deadline_, uint8 v_, bytes32 r_, bytes32 s_) external override {
        require(deadline_ >= block.timestamp, "ERC20:P:EXPIRED");
        require(owner_ != address(0), "...");

        // Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}.
        require(
            uint256(s_) <= uint256(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) &&
            (v_ == 27 || v_ == 28),
            "ERC20:P:MALLEABLE"
        );

        // Nonce realistically cannot overflow.
        unchecked {
            bytes32 digest = keccak256(
                abi.encodePacked(
                    "\x19\x01",
                    DOMAIN_SEPARATOR(),
                    keccak256(abi.encode(PERMIT_TYPEHASH, owner_, spender_, amount_, nonces[owner_]++, deadline_))
                )
            );

            address recoveredAddress = ecrecover(digest, v_, r_, s_);

            require(recoveredAddress == owner_, "ERC20:P:INVALID_SIGNATURE");
        }

        _approve(owner_, spender_, amount_);
    }

[lucas-manuel]

[S] ERC20.sol#transferFrom() Do not reduce approval on transferFrom if current allowance is type(uint256).max

The Wrapped Ether (WETH) ERC-20 contract has a gas optimization that does not update the allowance if it is the max uint.

The latest version of OpenZeppelin's ERC20 token contract also adopted this optimization.

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L109-L113

    function transferFrom(address owner_, address recipient_, uint256 amount_) external override returns (bool success_) {
        _approve(owner_, msg.sender, allowance[owner_][msg.sender] - amount_);
        _transfer(owner_, recipient_, amount_);
        return true;
    }

Less clean, not added

[lucas-manuel]

[S] Use immutable variables can save gas

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L25-L26

    string public override name;
    string public override symbol;

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L50-L54

    constructor(string memory name_, string memory symbol_, uint8 decimals_) {
        name     = name_;
        symbol   = symbol_;
        decimals = decimals_;
    }

In ERC20.sol, name and symbol will never change, use immutable variable instead of storage variable can save gas.

Valid, will add

[lucas-manuel]

[M] Validation can be done earlier to save gas

https://github.com/maple-labs/erc20/blob/10ccf4aa0b2d6914e3c2d32e454e4d106a99a4fd/contracts/ERC20.sol#L75-L102

    function permit(address owner_, address spender_, uint256 amount_, uint256 deadline_, uint8 v_, bytes32 r_, bytes32 s_) external override {
        require(deadline_ >= block.timestamp, "ERC20:P:EXPIRED");

        // Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}.
        require(
            uint256(s_) <= uint256(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) &&
            (v_ == 27 || v_ == 28),
            "ERC20:P:MALLEABLE"
        );

        // Nonce realistically cannot overflow.
        unchecked {
            bytes32 digest = keccak256(
                abi.encodePacked(
                    "\x19\x01",
                    DOMAIN_SEPARATOR(),
                    keccak256(abi.encode(PERMIT_TYPEHASH, owner_, spender_, amount_, nonces[owner_]++, deadline_))
                )
            );

            address recoveredAddress = ecrecover(digest, v_, r_, s_);

            require(recoveredAddress == owner_ && owner_ != address(0), "ERC20:P:INVALID_SIGNATURE");
        }

        _approve(owner_, spender_, amount_);
    }

Check if owner_ != address(0) earlier can avoid unnecessary computing when this check failed.

Less clean, won't add

[lucas-manuel]

Acknowledge 1 and 3
2 is valid