Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

No Custom Error Types Used for Access Control

Root + Impact

Description

  • Normal Behavior:
    Solidity 0.8.4 and above supports custom errors, which are more gas-efficient than require statements with string messages. Using custom errors for access control and validation is a best practice, especially for frequently called functions, as it reduces deployment and runtime gas costs.

    Issue:
    The mint and burnFrom functions use require with string messages for access control:

    function mint(address to, uint256 amount) external {
        require(msg.sender == festivalContract, "Only_Festival_Mint");
        _mint(to, amount);
    }

    function burnFrom(address from, uint256 amount) external {
        require(msg.sender == festivalContract, "Only_Festival_Burn");
        _burn(from, amount);
    }

Risk

Likelihood:

  • The functions work as intended, but are less gas-efficient.

Impact:

  • Gas savings are minor per call, but can add up over many transactions.

Proof of Concept

Every call to mint or burnFrom that fails due to access control will revert with a string, costing more gas than a custom error.

// Current pattern (less efficient)
require(msg.sender == festivalContract, "Only_Festival_Mint");
// Recommended pattern (more efficient)
error OnlyFestivalContract();
if (msg.sender != festivalContract) revert OnlyFestivalContract();
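
The comparison above as a Foundry test, added here as an example and not part of the original submission or the project's code: it checks that both guards still admit only the festival contract and that the failed call returns a 100-byte Error(string) payload in one case and a 4-byte selector in the other, logging the measured gas for each. StringGuard, CustomErrorGuard, the test contract and the two test addresses are constructed stand-ins that model only the caller check, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import {Test} from "forge-std/Test.sol";

// Constructed stand-ins: only the caller check from mint() is modelled.
contract StringGuard {
    address public immutable festivalContract;
    constructor(address f) { festivalContract = f; }
    function mint(address, uint256) external view {
        require(msg.sender == festivalContract, "Only_Festival_Mint");
    }
}
contract CustomErrorGuard {
    error OnlyFestivalContract();
    address public immutable festivalContract;
    constructor(address f) { festivalContract = f; }
    function mint(address, uint256) external view {
        if (msg.sender != festivalContract) revert OnlyFestivalContract();
    }
}
contract GuardComparisonTest is Test {
    address constant FESTIVAL = address(0xF1);  // constructed test accounts
    address constant OUTSIDER = address(0xBAD);
    address s = address(new StringGuard(FESTIVAL));
    address c = address(new CustomErrorGuard(FESTIVAL));

    // Calls mint() as `caller`; returns success flag, return/revert data, gas spent.
    function _mintAs(address target, address caller) internal returns (bool ok, bytes memory data, uint256 gasUsed) {
        bytes memory payload = abi.encodeWithSignature("mint(address,uint256)", caller, uint256(1));
        vm.prank(caller);
        uint256 start = gasleft();
        (ok, data) = target.call(payload);
        gasUsed = start - gasleft();
    }
    function test_GuardEnforcedAfterRefactor() public {
        (bool ok, bytes memory data, uint256 gasUsed) = _mintAs(s, FESTIVAL);
        assertTrue(ok); // authorised caller passes the string guard
        (ok, data, gasUsed) = _mintAs(c, FESTIVAL);
        assertTrue(ok); // and the custom-error guard
        (ok, data, gasUsed) = _mintAs(s, OUTSIDER);
        assertFalse(ok);
        assertEq(data, abi.encodeWithSignature("Error(string)", "Only_Festival_Mint")); // 100 bytes
        emit log_named_uint("failed-call gas, string require", gasUsed);
        (ok, data, gasUsed) = _mintAs(c, OUTSIDER);
        assertFalse(ok);
        assertEq(data, abi.encodeWithSignature("OnlyFestivalContract()")); // 4 bytes
        emit log_named_uint("failed-call gas, custom error", gasUsed);
    }
}
```

Run it with forge test -vv to see the two logged gas figures next to the passing assertions.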

Recommended Mitigation

Define custom errors for access control and use them in place of string-based require statements.

+ error OnlyFestivalContract();
function mint(address to, uint256 amount) external {
- require(msg.sender == festivalContract, "Only_Festival_Mint");
+ if (msg.sender != festivalContract) revert OnlyFestivalContract();
_mint(to, amount);
}
function burnFrom(address from, uint256 amount) external {
- require(msg.sender == festivalContract, "Only_Festival_Burn");
+ if (msg.sender != festivalContract) revert OnlyFestivalContract();
_burn(from, amount);
}
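
Review bot: mint and burnFrom now revert with the same OnlyFestivalContract() error, so the distinction the old strings carried (Only_Festival_Mint vs Only_Festival_Burn) is lost; any test or off-chain consumer that matches on those strings has to be updated, and a failed call no longer says which entry point rejected it. If that matters, use two errors or give the error a parameter. The identical check on the added line in each function would also read better as a single modifier applied to both. The hunk shows the error declaration without its enclosing scope, so state whether it is meant to sit inside the contract or at file level.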
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
