Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

[GAS] Missing Custom Errors - Comprehensive Breakdown

aliyugombe

Summary:

All three contracts use string error messages in require() statements instead of more gas-efficient custom errors, resulting in higher deployment and runtime costs.

Vulnerability Details:

EggHuntGame.sol

require(_eggNFTAddress != address(0), "Invalid NFT address"); // Constructor

require(_eggVaultAddress != address(0), "Invalid vault address"); // Constructor

require(!gameActive, "Game already active"); // startGame()

require(duration >= MIN_GAME_DURATION, "Duration too short"); // startGame()

require(gameActive, "Game not active"); // endGame()

require(newThreshold <= 100, "Threshold must be <= 100"); // setEggFindThreshold()

require(block.timestamp >= startTime, "Game not started yet"); // searchForEgg()

require(block.timestamp <= endTime, "Game ended"); // searchForEgg()

require(eggNFT.ownerOf(tokenId) == msg.sender, "Not owner of this egg"); // depositEggToVault()

EggVault.sol

require(_eggNFTAddress != address(0), "Invalid NFT address"); // setEggNFT()

require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault"); // depositEgg()

require(!storedEggs[tokenId], "Egg already deposited"); // depositEgg()

require(storedEggs[tokenId], "Egg not in vault"); // withdrawEgg()

require(eggDepositors[tokenId] == msg.sender, "Not the original depositor"); // withdrawEgg()

EggstravaganzaNFT.sol

require(_gameContract != address(0), "Invalid game contract address"); // setGameContract()

require(msg.sender == gameContract, "Unauthorized minter"); // mintEgg()

Impact

Deployment Costs: String errors increase contract size by ~0.5KB per unique error message
Runtime Costs:
- String errors cost ~200-500 more gas per revert than custom errors
- For frequently-called functions like searchForEgg(), this adds up significantly
Maintenance: Harder to change error messages without storage overhead

Tools Used

Manual review

Recommendations

Define Custom Errors at Contract Level:

// EggHuntGame.sol

error InvalidAddress();

error GameAlreadyActive();

error GameNotActive();

error InvalidDuration();

error InvalidThreshold();

error GameNotStarted();

error GameEnded();

error NotEggOwner();

// EggVault.sol

error NFTNotTransferred();

error EggAlreadyDeposited();

error EggNotInVault();

error NotDepositor();

// EggstravaganzaNFT.sol

error UnauthorizedMinter();

Replace All Require Statements:

// Before:

require(_eggNFTAddress != address(0), "Invalid NFT address");

// After:

if (_eggNFTAddress == address(0)) revert InvalidAddress();

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Gas optimization

Strategy to save gas and minimize transaction costs

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.