First Flight #10: One Shot
First Flight #10
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

The `CredToken::mint` function should be `external`

bube

Summary

The CredToken::mint function is only called by Street contract. Therefore, it can be external instead of public.

Vulnerability Details

The CredToken::mint function is designed to be called exclusively by the _streetsContract, as enforced by the onlyStreetContract modifier. The function is currently marked as public, which means it can be called internally by other functions within the contract or externally by the designated Streets contract.

function mint(address to, uint256 amount) public onlyStreetContract {
_mint(to, amount);
}

Impact

The CredToken::mint function should be marked as external instead of public. Since the function is intended to be called only by the _streetsContract, there is no need for it to be callable internally. The external visibility is more gas-efficient for functions that are only meant to be called from outside the contract.

Tools Used

Manual Review

Recommendations

Change the visibility of the CredToken::mint function from public to external:

- function mint(address to, uint256 amount) public onlyStreetContract {
+ function mint(address to, uint256 amount) external onlyStreetContract {
_mint(to, amount);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.