Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Public Function `EggVault::depositEgg(uint256 tokenId, address depositor)` Not Used Internally

finisher

Description:
The depositEgg(uint256 tokenId, address depositor) function is declared as public but is not utilized internally within the EggVault contract. This could indicate either an oversight or a potential design issue.

Impact:
Leaving unused public functions in the contract increases the attack surface and could lead to unintended usage or vulnerabilities. Additionally, it contributes to unnecessary code bloat, increasing deployment costs.

Proof of Concept:

function depositEgg(uint256 tokenId, address depositor) public {
storedEggs[tokenId] = true;
eggDepositors[tokenId] = depositor;
require(eggNFT.ownerOf(tokenId) == address(this), "Invalid owner");
emit EggDeposited(depositor, tokenId);
}

Recommended Mitigation:

  1. If the function is not required, remove it to reduce the attack surface and deployment costs.

  2. If the function is intended for external use, ensure it is properly documented and secured.

  3. If the function is meant to be used internally, change its visibility to internal or private and refactor the code accordingly.

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!