Submission Details
Severity:
Oversized contract will make deployment fail
Summary
Oversized contract will make deployment fail
Vulnerability Details
SantasList.sol:SantasList contract is oversized (56.43 kB). This is due to the fact that the constant variable TOKEN_URI is stored in the bytecode, which is 51373 characters in length.
Oversized contract can't be deployed.
PoC
forge build --sizes
[⠒] Compiling...
[⠊] Compiling 2 files with 0.8.22
[⠒] Solc 0.8.22 finished in 1.85s
Compiler run successful!
| Contract | Size (kB) | Margin (kB) |
|----------------|-----------|-------------|
| Math | 0.086 | 24.49 |
| MockERC20 | 3.69 | 20.886 |
| MockERC721 | 3.827 | 20.749 |
| SantaToken | 3.324 | 21.252 |
| SantasList | 56.43 | -31.854 |
| SignedMath | 0.086 | 24.49 |
| StdStyle | 0.086 | 24.49 |
| Strings | 0.086 | 24.49 |
| TokenUri | 51.615 | -27.039 |
| console | 0.086 | 24.49 |
| console2 | 0.086 | 24.49 |
| safeconsole | 0.086 | 24.49 |
| stdError | 0.592 | 23.984 |
| stdJson | 0.086 | 24.49 |
| stdMath | 0.086 | 24.49 |
| stdStorage | 0.086 | 24.49 |
| stdStorageSafe | 0.086 | 24.49 |
Impact
MEDIUM. Contract can't be deployed due to the TOKEN_URI size.
Tools Used
Manual Review
Recommendations
TOKEN_URI should be modified to prevent the oversized contract. Ideally, this can be an ipfs url, which will be shorter.
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Contract Byte Size Exceeds Limit
SVG is causing contract byte size to exceed solidity's limits. Tagging for future visibility
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.