Magic Number Usage for Timeout Interval in createGameWithEth & createGameWithToken
Summary
The RockPaperScissors::createGameWithEth and RockPaperScissors::createGameWithToken functions use a hardcoded value of 5 minutes to enforce a minimum _timeoutInterval. While functionally correct, this constitutes a magic number, which harms readability and maintainability. Replacing this literal with a named constant improves clarity and supports easier refactoring.
Vulnerability Details
Issue Explanation
The direct use of 5 minutes in both functions introduces the following problems:
-
Reduced Readability
The intent of the number is not obvious without additional context. A named constant likeMIN_TIMEOUT_INTERVALmakes the purpose explicit. -
Harder to Modify
Updating the minimum timeout value later requires searching for and replacing all literal values, which is error-prone. -
Consistency Risk
Different developers may introduce slightly different timeout logic (e.g.,4 minutes,6 minutes) without realizing the intended global standard.
Impact
Developer Confusion: Code is harder to interpret at a glance.
Maintainability Issues: Future changes to timeout logic are more difficult and error-prone.
Code Duplication Risk: Inconsistencies may arise in other parts of the codebase.
Tools Used
Aderyn
Recommendations
Introduce a descriptive constant to replace the 5 minutes literal:
Then update the relevant code:
This makes the code more readable, configurable, and less prone to errors.
Appeal created
Informational
Code suggestions or observations that do not pose a direct security risk.
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.