Document the max size, how in effect only half of it is expected to be in the heap part of the data-structure. Explain the size, and how it tries to solve the issue of having all the liquidity in the same path

requirements:

• should be possible to query .last() which returns the account associated to the highest value.
• should be possible to query .prev(account) which returns the account just before according to our new relationship order.

TODO:

• Implement the new tree structure in another contract
• Implement tests like in the older tree contract

HOG-02S: Repetitive Value Literal

Type	Severity	Location
Code Style		HeapOrdering.sol:L128, L285, L304

Description:

The linked literal 1 is utilized in the linked portions to signify the head of the heap array, i.e. the root of the heap tree.

Example:

/// @notice Returns the address coming before `_id` in accounts.
/// @dev The account associated to the returned address does not necessarily have a lower value than the one of the account associated to `_id`.
/// @param _heap The heap to search in.
/// @param _id The address of the account.
/// @return The address of the previous account.
function getPrev(HeapArray storage _heap, address _id) internal view returns (address) {
    uint256 rank = _heap.ranks[_id];
    if (rank > 1) return getAccount(_heap, rank - 1).id;
    else return address(0);
}

Recommendation:

We advise this to be better illustrated by setting a contract-level constant declaration (i.e. HEAP_ROOT) in which the value of 1 is stored greatly improving the legibility of the codebase. To note, in the first linked line only the first instance of 1 should be replaced as the latter instance is a binary offset.

sauce:

• https://spdx.org/licenses/
• https://spdx.org/licenses/AGPL-3.0.html
• https://spdx.org/licenses/AGPL-3.0-only.html

Avoiding to read the account from storage by passing it as a parameter, apply this change to the HeapOrdering

Originally posted by @MathisGD in #56 (comment)

We should also provide a way to abstract the satellite data in the structure, that way it can be reusable

Originally posted by @QGarchery in #23 (comment)

https://github.com/morpho-dao/morpho-data-structures/blob/c5846fa86664410f06bc739d83121671854d83fe/contracts/Heap.sol#L12

It should be changed to the index design, to match HeapOrdering.

HOG-07C: Removal Upward Shift Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L258

Description:

The shiftUp operation is performed unconditionally whilst a child and parent's value can indeed match, thus executing an upwards shift inefficiently if the element removed was next-to-last in the tree and its children had an equal value to it.

Example:

// If the swapped account is in the heap, restore the invariant: its value can be smaller or larger than the removed value.
if (rank <= _heap.size) {
    if (_removedValue > getAccount(_heap, rank).value) shiftDown(_heap, rank);
    else shiftUp(_heap, rank);
}

Recommendation:

We advise the else statement to be adjusted to an else if (_removedValue < getAccount(_heap, rank).value) one, with the getAccount(_heap, rank).value value being cached to a local variable within the upper-most if clause to avoid the duplicate read gas cost between the if and else if conditional evaluations.

When doing the _shiftUp and _shiftDown operations, the path from the account to shift up to the root is potentially completely changed. This requires many storage writes which is gas intensive. To improve the efficiency of those operations, we could introduce an intermediate array of pointers, each one of them from an index to another. When doing any operation, this array would be updated without needing to update the actual data.

Notes:

• this solution is efficient if the array of pointer has a small overhead. One idea is to simply store it as a single word, where each byte represents an offset as given by the corresponding u8 value. This allows to store the heap part of the data-structure up to 128 elements. The _shiftUp and _shiftDown operations would only need to update this word one time.
• this idea is not compatible with the current way the size is used in the HeapOrdering, because dividing the size by 2 could lead to creating some invalid pointers in the array. To implement this idea in the HeapOrdering, it could wait for the implementation of #63
• operations that do not change the data-structure may need to do one more storage access by going through the array of pointers. Tricks could be used to avoid that additional cost, such as packing the array with a storage slot that is always read (like the size or even the slot of accounts if we are not afraid of that)

POC here: morpho-org/morpho-optimizers#1255

HOG-01C: Downward Traversal Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L151, L154

Description:

The shiftDown downward traversal mechanism of the heap structure is sub-optimal as it computes the result of getAccount operations duplicate times in all cases.

Example:

while (childRank <= size) {
    // Compute the rank of the child with largest value.
    if (
        childRank < size &&
        getAccount(_heap, childRank + 1).value > getAccount(_heap, childRank).value
    ) childRank++;

    childAccount = getAccount(_heap, childRank);

    if (childAccount.value > initialValue) {
        setAccount(_heap, _rank, childAccount);
        _rank = childRank;
        childRank <<= 1;
    } else break;
}

Recommendation:

We advise the result of the first getAccount invocation within the while loop to be cached and overwritten in the if block by the next child's account lookup if the condition is met, thus ensuring getAccount is at most invoked a single time per child.

HOG-01S: Ineffectual Operations

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L223-L224

Description:

The linked operations are ineffectual as they are performed on a memory reference that remains unutilized in the function body.

Example:

/// @notice Increases the amount of an account in the `_heap`.
/// @dev Only call this function when `_id` is in the `_heap` with a smaller value than `_newValue`.
/// @param _heap The heap to modify.
/// @param _id The address of the account to increase the amount.
/// @param _newValue The new value of the account.
/// @param _maxSortedUsers The maximum size of the heap.
function increase(
    HeapArray storage _heap,
    address _id,
    uint256 _newValue,
    uint256 _maxSortedUsers
) private {
    uint256 rank = _heap.ranks[_id];
    Account memory account = getAccount(_heap, rank);
    account.value = _newValue;
    setAccountValue(_heap, rank, _newValue);
    uint256 nextSize = _heap.size + 1;

    if (rank < nextSize) shiftUp(_heap, rank);
    else {
        swap(_heap, nextSize, rank);
        shiftUp(_heap, nextSize);
        _heap.size = computeSize(nextSize, _maxSortedUsers);
    }
}

Recommendation:

We advise them to be safely omitted reducing the gas cost of the function.

HOG-05C: Potential Significant Utility Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L4

Description:

The heap data structure implemented by the library is usually utilized to implement priority queues and other similar mechanisms where a common use case is to "pop" the upper-most parent of the "queue" and insert a new item that should be queued for the next iteration. If this is an envisioned use case for the heap, a significant utility and gas optimization can be achieved by implementing a dedicated "replace" function that replaces the root of the tree and then ascertains order by performing a single shiftDown operation.

Example:

library HeapOrdering {

Recommendation:

We advise this use-case to be evaluated and the function described to be implemented in case it is envisioned as frequent given that it will lead to significant gas optimizations.

HOG-08C: Upward Traversal Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L128, L129

Description:

The shiftUp upward traversal mechanism of the heap structure is sub-optimal as it computes the result of getAccount(_heap, _rank >> 1) twice redundantly.

Example:

while (_rank > 1 && initialValue > getAccount(_heap, _rank >> 1).value) {
    setAccount(_heap, _rank, getAccount(_heap, _rank >> 1));
    _rank >>= 1;
}

Recommendation:

We advise the result to be cached to a local variable that is consequently utilized for the while loop condition and setAccount execution thus optimizing the gas cost of the function significantly.

Update NATSPECs + naming to Morpho coding style

And remove hardhat from the repo

HOG-06C: Removal Swap Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L250

Description:

The swap operation performed during an removal operation can be optimized by performing it conditionally only when rank != accountsLength as otherwise the heap will replace an element with itself.

Example:

/// @notice Removes an account in the `_heap`.
/// @dev Only call when this function `_id` is in the `_heap` with value `_removedValue`.
/// @param _heap The heap to modify.
/// @param _id The address of the account to remove.
/// @param _removedValue The value of the account to remove.
function remove(
    HeapArray storage _heap,
    address _id,
    uint256 _removedValue
) private {
    uint256 rank = _heap.ranks[_id];
    uint256 accountsLength = _heap.accounts.length;

    // Swap the last account and the account to remove, then pop it.
    swap(_heap, rank, accountsLength);
    if (_heap.size == accountsLength) _heap.size--;
    _heap.accounts.pop();
    delete _heap.ranks[_id];

    // If the swapped account is in the heap, restore the invariant: its value can be smaller or larger than the removed value.
    if (rank <= _heap.size) {
        if (_removedValue > getAccount(_heap, rank).value) shiftDown(_heap, rank);
        else shiftUp(_heap, rank);
    }
}

Recommendation:

We advise this conditional to be introduced optimizing the best-case gas cost of the function with minimal impact on the worst-case scenario.

HOG-03C: Insertion Swap Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L188

Description:

The swap operation performed during an insertion operation can be optimized by performing it conditionally only when newSize != accountsLength as otherwise the heap will replace an element with itself.

Example:

/// @notice Inserts an account in the `_heap`.
/// @dev Only call this function when `_id` is not in the `_heap`.
/// @dev Reverts with AddressIsZero if `_value` is 0.
/// @param _heap The heap to modify.
/// @param _id The address of the account to insert.
/// @param _value The value of the account to insert.
/// @param _maxSortedUsers The maximum size of the heap.
function insert(
    HeapArray storage _heap,
    address _id,
    uint256 _value,
    uint256 _maxSortedUsers
) private {
    // `_heap` cannot contain the 0 address.
    if (_id == address(0)) revert AddressIsZero();

    // Put the account at the end of accounts.
    _heap.accounts.push(Account(_id, _value));
    uint256 accountsLength = _heap.accounts.length;
    _heap.ranks[_id] = accountsLength;

    // Move the account at the end of the heap and restore the invariant.
    uint256 newSize = _heap.size + 1;
    swap(_heap, newSize, accountsLength);
    shiftUp(_heap, newSize);
    _heap.size = computeSize(newSize, _maxSortedUsers);
}

Recommendation:

We advise this conditional to be introduced optimizing the best-case gas cost of the function with minimal impact on the worst-case scenario.

Using this repo as a submodule is not made easy because some contract depend on contracts inside node_modules. These dependencies should either be moved to a submodule, or the dependencies copied into this repo.

HOG-01M: Potentially Ambiguous Functionality

Type	Severity	Location
Standard Conformity		HeapOrdering.sol:L289-L295

Description:

The getTail function yields the tail of the overall account array rather than the tail of the sorted heap array which can cause mis-use by the library's users.

Example:

/// @notice Returns the address at the tail of the `_heap`.
/// @param _heap The heap to get the tail.
/// @return The address of the tail.
function getTail(HeapArray storage _heap) internal view returns (address) {
    if (_heap.accounts.length > 0) return getAccount(_heap, _heap.accounts.length).id;
    else return address(0);
}

Recommendation:

We advise a separate, dedicated getHeapTail function to be introduced that yields the ordered tree portion's tail member to its caller, increasing the utility of the library.

HOG-04C: Potential Significant Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L7

Description:

Depending on the needs of the application that will ultimately utilize the library, the Account data structure can be significantly optimized by reducing its value member's accuracy from 256-bits to 96-bits, thereby permitting the address variable to be tight-packed with the uint96 into a single 32-byte slot. This will reduce all storage reads and writes for Account entries to one SLOAD / SSTORE operation regardless of whether both members are written to or read from in the same action.

Example:

struct Account {
    address id; // The address of the account.
    uint256 value; // The value of the account.
}

Recommendation:

We advise this to be done so if the 96-bit accuracy is sufficient for the end-user application.

HOG-02M: Inexistent Association of Former Value

Type	Severity	Location
Input Sanitization		HeapOrdering.sol:L30-L36

Description:

The _formerValue argument is meant to indicate the current value of the particular _id in the heap structure, however, this is not validated and is instead assumed to be trusted input.

Impact:

An improper _formerValue combined with an improper _newValue will cause an incorrect operation to be performed on the heap that does not match the actual data the _id entry previously held.

Example:

function update(
    HeapArray storage _heap,
    address _id,
    uint256 _formerValue,
    uint256 _newValue,
    uint256 _maxSortedUsers
) internal {
    uint256 size = _heap.size;
    uint256 newSize = computeSize(size, _maxSortedUsers);
    if (size != newSize) _heap.size = newSize;

    if (_formerValue != _newValue) {
        if (_newValue == 0) remove(_heap, _id, _formerValue);
        else if (_formerValue == 0) insert(_heap, _id, _newValue, _maxSortedUsers);
        else if (_formerValue < _newValue) increase(_heap, _id, _newValue, _maxSortedUsers);
        else decrease(_heap, _id, _newValue);
    }
}

Recommendation:

While the contract is a library and thus input sanitization can be performed at the application level, from a security standpoint this reliance is ill-advised. Instead, we advise the _formerValue to be queried directly on the heap structure to guarantee all operations are performed safely regardless of end-user usage. If gas optimization is a concern here (as the data entry is already read by the caller), we advise a delta system to be used instead (i.e. specifying a decrease as -5) which would optimize the if conditionals and allow the entry to be read once at the heap level.

cf #122

• The testing suite lacks fuzzing & invariants
• Mock libraries should fit more to the actual libraries (in order to improve gas reports)

The storage layout has changed compared to the one used in morpho-v1. We must get back to this version if we want to apply changes to the deployed contracts.

#108 to merge

#137

HOG-02C: Increase Swap Optimization

Type	Severity	Location
Gas Optimization		HeapOrdering.sol:L230

Description:

The swap operation performed during an increase operation can be optimized by performing it conditionally only when nextSize != rank as otherwise the heap will replace an element with itself.

Example:

/// @notice Increases the amount of an account in the `_heap`.
/// @dev Only call this function when `_id` is in the `_heap` with a smaller value than `_newValue`.
/// @param _heap The heap to modify.
/// @param _id The address of the account to increase the amount.
/// @param _newValue The new value of the account.
/// @param _maxSortedUsers The maximum size of the heap.
function increase(
    HeapArray storage _heap,
    address _id,
    uint256 _newValue,
    uint256 _maxSortedUsers
) private {
    uint256 rank = _heap.ranks[_id];
    Account memory account = getAccount(_heap, rank);
    account.value = _newValue;
    setAccountValue(_heap, rank, _newValue);
    uint256 nextSize = _heap.size + 1;

    if (rank < nextSize) shiftUp(_heap, rank);
    else {
        swap(_heap, nextSize, rank);
        shiftUp(_heap, nextSize);
        _heap.size = computeSize(nextSize, _maxSortedUsers);
    }
}

Recommendation:

We advise this conditional to be introduced optimizing the best-case gas cost of the function with minimal impact on the worst-case scenario.

Found by @MathisGD.

Currently the heap size is changing at each insert, remove, and decrease operation. When it reaches _maxSortedUsers, it is divided by 2. The informal goal is to distribute high liquidity evenly on the branches of the heap, in order to maximize the total liquidity that is in the heap.

One other idea would be distribute the incoming liquidity "randomly" on the last nodes before _maxSortedUsers. This means that the size of the heap would only change up to _maxSortedUsers and then stay the same, potentially saving one SSTORE for each operation. Another potential benefit would be that the introduced randomness would mostly prevent worst case scenarios for the incoming liquidity.
Note that there is no real need for the randomness here to be truly random, and we could use a pseudo-random function instead.

We can also implement:

• #38
• #36

Originally posted by @QGarchery in #23 (comment)

Original comment: morpho-org/morpho-optimizers#1404 (comment)

I think the library should handle this edge case and revert at execution, instead of relying on proper input

If we apply this, don't forget to remove the no longer necessary check in morpho-v1!