The custom error UnauthorizedAccess
is defined in the ErrorCode
enum but not used anywhere in the code. While authorization checks are performed using Anchor’s has_one
constraint, they default to Anchor’s generic error instead of your custom error.
Low Risk: Authorization checks are still enforced (via has_one
), so there’s no security breach.
Code Clarity: The custom error UnauthorizedAccess
is redundant, which could confuse developers or auditors.
To align the code with your custom error and improve clarity:
Replace has_one
constraints with explicit constraint
checks that use UnauthorizedAccess
.
Remove the UnauthorizedAccess
error if it’s not needed, or ensure it’s used consistently.
Example Fix:
This is informational finding, there is no impact for the protocol.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.