Trick or Treat

First Flight #27

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Code Duplication in trickOrTreat Function

i_atiq

Description

In the trickOrTreat function, lines 80-83 and line 89 duplicate the minting logic found in the mintTreat function. This can be replaced with a single call to mintTreat(address(this), treat), which would reduce the overall bytecode size and gas costs, as well as improve readability and maintainability by centralizing the minting logic.

Impact

Duplicating code increases the bytecode size and can lead to higher deployment costs

Recommended Mitigation

Replace the duplicated code with a call to mintTreat(address(this), treat), which will centralize the minting logic and reduce redundancy:

function trickOrTreat(string memory _treatName) public payable nonReentrant {

Treat memory treat = treatList[_treatName];

require(treat.cost > 0, "Treat cost not set.");

uint256 costMultiplierNumerator = 1;

uint256 costMultiplierDenominator = 1;

// Generate a pseudo-random number between 1 and 1000

uint256 random =

uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender, nextTokenId, block.prevrandao))) % 1000 + 1;

if (random == 1) {

// 1/1000 chance of half price (treat)

costMultiplierNumerator = 1;

costMultiplierDenominator = 2;

} else if (random == 2) {

// 1/1000 chance of double price (trick)

costMultiplierNumerator = 2;

costMultiplierDenominator = 1;

}

// Else, normal price (multiplier remains 1/1)

uint256 requiredCost = (treat.cost * costMultiplierNumerator) / costMultiplierDenominator;

if (costMultiplierNumerator == 2 && costMultiplierDenominator == 1) {

// Double price case (trick)

if (msg.value >= requiredCost) {

// User sent enough ETH

mintTreat(msg.sender, treat);

} else {

// User didn't send enough ETH

// Mint NFT to contract and store pending purchase

+ mintTreat(address(this), treat);

- uint256 tokenId = nextTokenId;

- _mint(address(this), tokenId);

- _setTokenURI(tokenId, treat.metadataURI);

- nextTokenId += 1;

pendingNFTs[tokenId] = msg.sender;

pendingNFTsAmountPaid[tokenId] = msg.value;

tokenIdToTreatName[tokenId] = _treatName;

- emit Swapped(msg.sender, _treatName, tokenId);

// User needs to call fellForTrick() to finish the transaction

}

} else {

// Normal price or half price

require(msg.value >= requiredCost, "Insufficient ETH sent for treat");

mintTreat(msg.sender, treat);

}

// Refund excess ETH if any

if (msg.value > requiredCost) {

uint256 refund = msg.value - requiredCost;

(bool refundSuccess,) = msg.sender.call{value: refund}("");

require(refundSuccess, "Refund failed");

}

This adjustment reduces bytecode size, lowers gas costs and simplifies the code structure.

Updates

Appeal created

bube Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

109

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.