Submission Details
Severity: low
Invalid

Unused enum values and variables indicating missing implementation

Summary

This contract contains multiple enum values and variables that are not implemented, potentially reflecting unimplemented functionalities or redundant code.

Vulnerability Details

The Status enum contains unused values:

enum Status {
    NICE,
    EXTRA_NICE,
    NAUGHTY, // <-not used
    NOT_CHECKED_TWICE // <-not used
}

The documentation states that the SantaToken is intended to be used to buy the NFT for NAUGHTY or UNKNOWN friends, but UNKNOWN is not defined and NAUGHTY is never used:

The SantaToken is an ERC20 that can be used to buy the NFT for their NAUGHTY or UNKNOWN friends.

These values appear intended for use, but the implementation is missing.
This is evident as two getters, which should return these values, never do:

// Will never return Naughty as NAUGHTY is never assigned in the code
function getNaughtyOrNiceOnce(address person) external view returns (Status) {
    return s_theListCheckedOnce[person];
}

// Will never return Naughty as NAUGHTY is never assigned in the code
function getNaughtyOrNiceTwice(address person) external view returns (Status) {
    return s_theListCheckedTwice[person];
}

Furthermore, a comment indicates that buyPresent should have a different cost for NAUGHTY people, but this is not implemented:

// The cost of santa tokens for naughty people to buy presents

The NOT_CHECKED_TWICE status could be useful to ensure that Santa doesn't forget to set the status for users already checked once.

The PURCHASED_PRESENT_COST variable is also unused:

uint256 public constant PURCHASED_PRESENT_COST = 2e18;

Optional:

Events could have been indexed:

event CheckedOnce(address person, Status status);
event CheckedTwice(address person, Status status);

Impact

Unused variables can be misleading as they may suggest unimplemented functionalities or simply constitute dead code that should be removed.
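
The manual check behind this finding can be approximated with a short script. This is an added example, not code from the submission or the audited project: it flags enum members and constants that are declared but never referenced, and the Solidity sample is constructed from the snippets quoted above (the mapping declarations and function bodies are assumptions).

```python
import re

# Constructed sample: a Solidity fragment assembled from the snippets quoted in
# this submission; the mappings and function bodies are assumed for illustration.
SAMPLE = """
enum Status { NICE, EXTRA_NICE, NAUGHTY, NOT_CHECKED_TWICE }
uint256 public constant PURCHASED_PRESENT_COST = 2e18;
mapping(address => Status) private s_theListCheckedOnce;
mapping(address => Status) private s_theListCheckedTwice;
function checkList(address person, Status status) external {
    s_theListCheckedOnce[person] = status;
}
function collectPresent() external {
    if (s_theListCheckedOnce[msg.sender] == Status.NICE) { /* mint */ }
    else if (s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE) { /* mint */ }
}
"""

def strip_comments(src):
    """Drop block and line comments so a mention in a comment is not a use."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    return re.sub(r"//[^\n]*", " ", src)

def unused_declarations(src):
    """Return enum members and constants that are declared but never referenced."""
    code = strip_comments(src)
    unused = []
    for enum in re.finditer(r"\benum\s+(\w+)\s*\{([^}]*)\}", code):
        name, body = enum.group(1), enum.group(2)
        # Search everything except the declaration itself for Name.MEMBER.
        rest = code[:enum.start()] + code[enum.end():]
        for member in re.findall(r"\w+", body):
            if not re.search(rf"\b{name}\s*\.\s*{member}\b", rest):
                unused.append(f"{name}.{member}")
    for const in re.finditer(r"\bconstant\s+(\w+)\s*=", code):
        ident = const.group(1)
        # A single occurrence means the declaration is the only mention.
        if len(re.findall(rf"\b{ident}\b", code)) == 1:
            unused.append(ident)
    return unused

if __name__ == "__main__":
    for item in unused_declarations(SAMPLE):
        print("declared but never referenced:", item)
```

A textual scan like this misses values reached through casts such as `Status(2)`, so its hits are prompts for manual review rather than proof of dead code.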

Tools Used

Manual review.
aderyn for events.

Recommendations

Either implement the missing functionalities or remove the unused variables. As the developer's intention with these variables is unclear, my suggestion is to remove the following:

enum Status {
NICE,
EXTRA_NICE,
- NAUGHTY,
- NOT_CHECKED_TWICE
}
- uint256 public constant PURCHASED_PRESENT_COST = 2e18;
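
Review bot: Deleting NAUGHTY and NOT_CHECKED_TWICE from the enum leaves no member that can represent "not checked". A Solidity enum defaults to its first member, so with NICE first the s_theListCheckedOnce and s_theListCheckedTwice lookups return NICE for any address that was never set. Consider keeping a sentinel such as NOT_CHECKED_TWICE and moving it to the first position instead of deleting it, in line with the use suggested for it earlier in this submission. If PURCHASED_PRESENT_COST is removed, the comment about the cost for naughty people quoted earlier should be removed or updated in the same change.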

And consider renaming the following methods for clarity:

- function getNaughtyOrNiceOnce(address person) external view returns (Status) {
+ function getNiceOrExtraNiceOnce(address person) external view returns (Status) {
return s_theListCheckedOnce[person];
}
- function getNaughtyOrNiceTwice(address person) external view returns (Status) {
+ function getNiceOrExtraNiceOnce(address person) external view returns (Status) {
return s_theListCheckedTwice[person];
}
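
Review bot: The second renamed getter is also called getNiceOrExtraNiceOnce although it returns s_theListCheckedTwice[person]; two functions with the same name and the same (address) parameter will not compile. It should read getNiceOrExtraNiceTwice. Renaming external getters also changes their selectors, so any callers and tests need to be updated with the rename.
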
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
