RustFund

First Flight #36
Beginner FriendlyRust
100 EXP
View results
Submission Details
Severity: low
Invalid

Unused `UnauthorizedAccess` Error

Description

The custom error UnauthorizedAccess is defined in the ErrorCode enum but not used anywhere in the code. While authorization checks are performed using Anchor’s has_one constraint, they default to Anchor’s generic error instead of your custom error.


Impact

  • Low Risk: Authorization checks are still enforced (via has_one), so there’s no security breach.

  • Code Clarity: The custom error UnauthorizedAccess is redundant, which could confuse developers or auditors.


Affected Code

#[error_code]
pub enum ErrorCode {
// ...
#[msg("Unauthorized access")]
UnauthorizedAccess, // <--- Defined but unused
}

Recommendation

To align the code with your custom error and improve clarity:

  1. Replace has_one constraints with explicit constraint checks that use UnauthorizedAccess.

  2. Remove the UnauthorizedAccess error if it’s not needed, or ensure it’s used consistently.

Example Fix:

// In FundSetDeadline struct:
#[derive(Accounts)]
pub struct FundSetDeadline<'info> {
#[account(mut)]
pub fund: Account<'info, Fund>,
#[account(mut,
constraint = fund.creator == creator.key() @ ErrorCode::UnauthorizedAccess
)]
pub creator: Signer<'info>,
}
Updates

Appeal created

bube Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Unused `UnauthorizedAccess` error

This is informational finding, there is no impact for the protocol.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.