Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

L-01: Transitioning from require Strings to Custom Errors

_okchev

Summary

The contract contains a low-severity vulnerability related to the use of a require statement with a string message in the nonReentrant modifier. While the current implementation functions correctly, it is not gas-optimized and does not follow modern Solidity best practices, which advocate for custom errors instead of string-based require messages.

Vulnerability Details

The nonReentrant modifier uses the following line of code to check and enforce a reentrancy lock:

require(!locked, "No re-entrancy");

Using a string message in require increases gas consumption since the string must be stored in the transaction’s revert data when the condition fails.

Impact

The impact of this vulnerability is low since it does not affect the security or functionality of the contract. However, in high-volume deployments, the extra gas cost from string-based require statements could accumulate and increase the overall cost of using the contract.

Tools Used

  • Manual Code Review: The vulnerability was identified by analyzing the code's structure and evaluating its compliance with Solidity best practices.

Recommendations

Replace the require Statement with a Custom Error:

Define a custom error and use it in the nonReentrant modifier to optimize gas consumption:

// Define the custom error
error NoReEntrancy();
modifier nonReentrant() {
if(locked) {
revert NoReEntrancy();
}
_;
locked = false;
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!