Severity: low
Invalid

`LoveToken::initVault` magic numbers are used

Low

[L-4] `LoveToken::initVault` magic numbers are used

Description:
The `initVault` function in the `LoveToken` contract uses a magic number for the token amount, 500,000,000 ether, when initializing the vaults for airdrop and staking. Magic numbers are numerical values hardcoded directly in the code without explanation, which makes their significance difficult to understand and increases the likelihood of errors during maintenance or updates.

Impact:
Utilizing magic numbers without proper explanation can lead to confusion and potential errors during code maintenance or updates. It reduces code readability and makes it harder for developers to understand the purpose of the values, which could result in unintended consequences if these values need to be changed in the future.

Proof of Concept:

```solidity
function initVault(address managerContract) public {
    if (msg.sender == airdropVault) {
@>      _mint(airdropVault, 500_000_000 ether);
@>      approve(managerContract, 500_000_000 ether);
        emit AirdropInitialized(managerContract);
    } else if (msg.sender == stakingVault) {
@>      _mint(stakingVault, 500_000_000 ether);
@>      approve(managerContract, 500_000_000 ether);
        emit StakingInitialized(managerContract);
    } else {
        revert LoveToken__Unauthorized();
    }
}
```

Recommended Mitigation:

To improve code readability and maintainability, it is recommended to define these numerical values as named constants or parameters with descriptive names. This makes the code more self-explanatory and reduces the risk of errors.

// Define named constants for token amounts
+ uint256 constant INITIAL_SUPPLY = 500_000_000 ether;
function initVault(address managerContract) public {
if (msg.sender == airdropVault) {
- _mint(airdropVault, 500_000_000 ether);
- approve(managerContract, 500_000_000 ether);
+ _mint(airdropVault, INITIAL_SUPPLY);
+ approve(managerContract, INITIAL_SUPPLY);
emit AirdropInitialized(managerContract);
} else if (msg.sender == stakingVault) {
- _mint(stakingVault, 500_000_000 ether);
- approve(managerContract, 500_000_000 ether);
+ _mint(stakingVault, INITIAL_SUPPLY);
+ approve(managerContract, INITIAL_SUPPLY);
emit StakingInitialized(managerContract);
} else {
revert LoveToken__Unauthorized();
}
}
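
Review bot: the name `INITIAL_SUPPLY` on the added constant does not match how the value is used. Both the `airdropVault` branch and the `stakingVault` branch mint it, so it is a per-vault amount and the total minted across the two branches is twice that figure. A name that says "per-vault allocation" would keep the next reader from treating it as the token's total supply. The declaration `uint256 constant INITIAL_SUPPLY = 500_000_000 ether;` would also benefit from an explicit visibility (for example `private`) and a short NatSpec comment stating that the amount is minted to each vault and approved for `managerContract`.
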
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
