Public Functions Not Used Internally Could Be Marked External
Summary
Two functions in the codebase are marked as public but are not used internally within their respective contracts. These functions could be marked as external instead to potentially save gas and better express their intended usage.
Vulnerability Details
In Solidity, external functions can only be called from outside the contract, while public functions can be called both externally and internally. When a function is not used internally, marking it as external is more gas-efficient because the EVM doesn't need to copy function arguments from calldata to memory.
The following functions are marked as public but are not used internally:
In
RockPaperScissors.sol[Line: 380]:
In
WinningToken.sol[Line: 25]:
Impact
This is a low severity issue because:
It doesn't affect the security or functionality of the contract
It only has a minor impact on gas efficiency
It's a code quality and best practice issue rather than a vulnerability
Tools Used
Static code analysis
Aderyn automated analysis tool
Recommendations
Change the visibility of these functions from public to external:
In
RockPaperScissors.sol:
In
WinningToken.sol:
Note: For the decimals() function, you should verify that it's not called internally by any parent contracts before changing it to external. Since it's overriding a function from the ERC20 standard, you should check if the original function is defined as public or external in the OpenZeppelin implementation.
Appeal created
Informational
Code suggestions or observations that do not pose a direct security risk.
Gas Optimization
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.