Submission Details
Impact:
Likelihood:
Use of magic numbers for VIP and BACKSTAGE pass bonuses not recommended
Use of magic numbers for VIP and BACKSTAGE pass bonuses reduces readability and maintainability and hence not recommended
Description
-
The contract uses hardcoded numeric literals such as
5e18and15e18to represent the bonus values forVIPandBACKSTAGEpasses, respectively. -
Makes it harder to maintain or adjust parameters without digging into contract logic
@> uint256 bonus = (collectionId == VIP_PASS) ? 5e18 : (collectionId == BACKSTAGE_PASS) ? 15e18 : 0;
Risk
Likelihood:
High: It's there right in the contract
Impact:
-
Low: Reduces clarity for developers and auditors, as the meaning behind the values isn't immediately obvious.
-
Makes it harder to maintain or adjust parameters.
Recommended Mitigation
Define appropriately named constant variables for all bonus-related values:
+ uint256 public constant VIP_BONUS = 5e18;
+ uint256 public constant BACKSTAGE_BONUS = 15e18;
- uint256 bonus = (collectionId == VIP_PASS) ? 5e18 : (collectionId == BACKSTAGE_PASS) ? 15e18 : 0;
+ uint256 bonus = (collectionId == VIP_PASS) ? VIP_BONUS : (collectionId == BACKSTAGE_PASS) ? BACKSTAGE_BONUS : 0;
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.