Unused `ErrorCode::UnauthorizedAccess` Definition
Summary
The codebase defines an ErrorCode::UnauthorizedAccess in the error enumeration, but no actual usage occurs. This creates confusion and potentially missed security checks.
Vulnerability Details
The error code is declared, but the contract logic never invokes it.
Typically, an
UnauthorizedAccesserror is used in permission checks or role checks (e.g., only the creator canwithdraw), but the code is either relying on other mechanisms or missing the check entirely.
Impact
Misleading Code: Auditors or maintainers might assume there is an active check for unauthorized access where none exists.
Possible Future Oversight: Developers might add new features or rely on a nonexistent pattern, leading to real vulnerabilities.
Tools Used
Manually view all calls and checks in functions. Recommendations
Recommendations
Either integrate the use of ErrorCode::Unauthorized Access where explicit verification of rights is required (for example, when withdrawing funds if the success condition is not met), or remove it from the list for clarity.
To refactor the code so that all the defined ErrorCode have a practical application.
Appeal created
[Invalid] Unused `UnauthorizedAccess` error
This is informational finding, there is no impact for the protocol.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.