Using inadequate syntax when writing code can be confusing for someone reviewing the code, whether during integration or similar processes.
Summary
In the Pot.sol contract, the i_ prefix is incorrectly used for variables that are not immutable. This misuse can lead to confusion during code review and maintenance, as it contradicts established naming conventions.
Vulnerability Details
The following variables in the Pot.sol contract have been identified with the inappropriate use of the i_ prefix:
The i_ prefix is conventionally used to denote immutable variables — those that are set during deployment and cannot be changed afterward.
Impact
The use of the i_ prefix on mutable variables can mislead developers into thinking these variables are immutable. This misunderstanding can lead to potential errors in logic or improper assumptions during code integration, audits, or future development, thereby increasing the risk of introducing bugs.
Tools Used
Manual code review
Solidity development best practices
Recommendations
-
Rename the Variables: Update the variable names to remove the
i_prefix from any non-immutable variables. For example:address[] private players;uint256[] private rewards; -
Follow Naming Conventions: Ensure that the
i_prefix is only used for immutable variables to maintain clarity and consistency in the codebase. -
Code Review: Perform a thorough code review to identify any other instances where naming conventions may have been incorrectly applied.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.