Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: high
Invalid

The function FestivalPass::buyPass contains magic numbers.

Description

The function FestivalPass::buyPass contains magic numbers, which can negatively impact code readability.

Risk

Likelihood:

  • The code does not use constant member variables to replace magic numbers.

Impact:

  • It may slightly affect code readability and make it less clear to readers.

Proof of Concept

Recommended Mitigation

Replace the magic numbers with named constants, as in the following code:

+ uint256 public constant VIP_PASS_BONUS = 5e18;
+ uint256 public constant BACKSTAGE_PASS_BONUS = 15e18;
function buyPass(uint256 collectionId) external payable {
// Must be valid pass ID (1 or 2 or 3)
require(collectionId == GENERAL_PASS || collectionId == VIP_PASS || collectionId == BACKSTAGE_PASS, "Invalid pass ID");
// Check payment and supply
require(msg.value == passPrice[collectionId], "Incorrect payment amount");
require(passSupply[collectionId] < passMaxSupply[collectionId], "Max supply reached");
// Mint 1 pass to buyer
_mint(msg.sender, collectionId, 1, "");
++passSupply[collectionId];
// VIP gets 5 BEAT welcome bonus BACKSTAGE gets 15 BEAT welcome bonus
- uint256 bonus = (collectionId == VIP_PASS) ? 5e18 : (collectionId == BACKSTAGE_PASS) ? 15e18 : 0;
+ uint256 bonus = (collectionId == VIP_PASS) ? VIP_PASS_BONUS : (collectionId == BACKSTAGE_PASS) ? BACKSTAGE_PASS_BONUS : 0;
if (bonus > 0) {
// Mint BEAT tokens to buyer
BeatToken(beatToken).mint(msg.sender, bonus);
}
emit PassPurchased(msg.sender, collectionId);
}
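
Review bot: the comment just above the `bonus` assignment still hardcodes the amounts ("VIP gets 5 BEAT welcome bonus BACKSTAGE gets 15 BEAT welcome bonus"), so once the values move into `VIP_PASS_BONUS` and `BACKSTAGE_PASS_BONUS` the numbers live in two places and the comment goes stale the first time a constant is changed; reword it to refer to the constants instead. The two new constants are also declared `public` directly above `buyPass`, which adds two getters to the contract's external interface; unless callers are meant to read them, declare them `internal` or `private` and place them with the contract's other declarations, next to identifiers such as `GENERAL_PASS`, `VIP_PASS` and `BACKSTAGE_PASS` that the function already references. The nested ternary is unchanged by the patch and would read more clearly as an `if` / `else if` chain now that the branches carry names.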
Updates

Lead Judging Commences

inallhonesty Lead Judge 25 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
