Submission Details
Severity:
L-1: Uninitialized State Variables
Summary
Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized.
Vulnerability Details
Found in src/RockPaperScissors.sol at line: 53
uint256 gameId = gameCounter++;
Impact
The uninitialized gameCounter will default to 0, and the first game ID will be 0. While this might not cause immediate, critical bugs within the current contract logic, it's a deviation from a common practice of starting IDs from 1 and reduces the explicitness of the code.
Tools Used
Manual Audit, Aderyn
Recommendations
For clarity and to adhere to a more common convention, it is recommended to explicitly initialize gameCounter to 0 in the constructor:
// Counter for game IDs
uint256 public gameCounter;
constructor() {
winningToken = new WinningToken();
adminAddress = msg.sender;
gameCounter = 0; // Explicitly initialize to the default value for clarity
}
Updates
Appeal created
m3dython about 2 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational
Code suggestions or observations that do not pose a direct security risk.
m3dython about 2 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
nSLOC
349This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.