Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

[L-3] Presence of Dead Code in Multiple Contracts

player

Description:
Several internal functions in the FeeCollector.sol, BaseGauge.sol, and Governance.sol contracts are never called within their respective contracts, making them dead code. These functions serve important roles, yet their absence in execution raises concerns about incomplete implementations or redundant code that can increase maintenance complexity.

Affected Functions:

In FeeCollector.sol, the _updateLastClaimTime function is meant to track the last time a user claimed rewards by updating the lastClaimTime mapping. However, since this function is never called within the contract, user claim times are not being recorded, which can hinder features like time-based reward calculations or restrictions on frequent claims.

In BaseGauge.sol, the _updateWeights function is designed to create a new period or update an existing one for time-weighted average calculations. The function ensures proper weight adjustments for staking and reward distribution, but its absence in execution suggests that weight updates may not be happening, potentially affecting staking incentives and fair reward distribution.

In Governance.sol, the _isProposalSuccessful function is responsible for determining whether a proposal has met the quorum and majority vote requirements. Despite its importance in governance decision-making, this function is never called, meaning that proposals might not be correctly validated before execution, potentially undermining the integrity of the governance process.

Impact:

  • Unimplemented or missing logic: These functions suggest missing or incomplete implementations that could affect key processes like reward tracking, staking calculations, and governance validation.

  • Unnecessary gas overhead & complexity: Keeping dead code increases contract size, making deployment more expensive and harder to audit.

Proof of Concept:
Each function is marked as internal, meaning it can only be called within the contract or by inherited contracts. However, manual review confirms they are never used, making them dead code:

// FeeCollector.sol
function _updateLastClaimTime(address user) internal {
lastClaimTime[user] = block.timestamp; // Not used anywhere
}
// BaseGauge.sol
function _updateWeights(uint256 newWeight) internal {
// Updates weights for time-weighted average calculation
// Not invoked, meaning weight updates might not be functioning
}
// Governance.sol
function _isProposalSuccessful(uint256 proposalId) internal view returns (bool) {
// Checks if a proposal meets success criteria but is never called
}
**Recommended Mitigation:**
1. **Assess Necessity** – Review whether these functions are essential for protocol operation. If they are required, **implement proper function calls** to ensure they execute as intended.
2. **Remove Unused Code** – If these functions are redundant, they should be removed to **reduce contract size, improve clarity, and lower audit overhead**.
3. **Verify Governance Enforcement** – If `_isProposalSuccessful` is crucial for proposal validation, **ensure it is properly invoked in the governance process to prevent unvalidated proposals from passing**.
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

_updateLastClaimTime not properly used to track rewards claim time

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.