Last Man Standing

First Flight #45
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Use of Literal Instead of Named Constant for Percentage Validation

Description

  • In Solidity, using literal values repeatedly throughout the code reduces maintainability and increases the likelihood of inconsistencies during updates.

  • The value 100 is hardcoded in the require statements that validate percentage inputs and as the divisor in the fee calculations. This literal should be replaced with a named constant for clarity and future-proofing.

require(_percentage <= 100, "Game: Percentage must be 0-100.");
require(_feeIncreasePercentage <= 100, "Game: Fee increase percentage must be 0-100.");
require(_platformFeePercentage <= 100, "Game: Platform fee percentage must be 0-100.");
currentPlatformFee = (sentAmount * platformFeePercentage) / 100;
claimFee = claimFee + (claimFee * feeIncreasePercentage) / 100;

Risk

Likelihood:

  • Developers often copy and paste similar checks throughout the codebase, and changing all of them later becomes error-prone.

  • Literal values reduce readability and may hide the domain-specific meaning behind magic numbers.

Impact:

  • May cause inconsistent validations if the literal is changed in some places but not others.

  • Reduces code clarity and increases technical debt for future audits and changes.
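
The inconsistency described under Impact, as an added example (not code from the submission or from the audited contract): a hypothetical `FeeScaleDrift` contract in which the validation bound was edited to basis points while the divisor kept the literal, next to a version where both read one constant. The contract name, function names and the basis-point scenario are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical illustration only; not the Game contract under review.
contract FeeScaleDrift {
    // Single source of truth for the percentage scale (assumed name).
    uint256 public constant PERCENTAGE_DENOMINATOR = 100;

    /// Drifted variant: the bound was changed to basis points (0-10000),
    /// but the divisor below still carries the old literal 100.
    /// Any feeBps above 100 passes validation and yields a fee larger
    /// than sentAmount, because bound and divisor no longer agree.
    function driftedFee(uint256 sentAmount, uint256 feeBps)
        external
        pure
        returns (uint256)
    {
        require(feeBps <= 10_000, "Fee must be 0-10000.");
        return (sentAmount * feeBps) / 100;
    }

    /// Consistent variant: the validation bound and the divisor both read
    /// the same constant, so changing the scale is a one-line edit and the
    /// fee can never exceed sentAmount.
    function consistentFee(uint256 sentAmount, uint256 feePercentage)
        external
        pure
        returns (uint256)
    {
        require(
            feePercentage <= PERCENTAGE_DENOMINATOR,
            "Game: Platform fee percentage must be 0-100."
        );
        return (sentAmount * feePercentage) / PERCENTAGE_DENOMINATOR;
    }
}
```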

Proof of Concept

require(_percentage <= 100, "Game: Percentage must be 0-100.");

Recommended Mitigation

- require(_percentage <= 100, "Game: Percentage must be 0-100.");
+ uint256 public constant MAX_PERCENTAGE = 100;
+ require(_percentage <= MAX_PERCENTAGE, "Game: Percentage must be 0-100.");
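Review bot: the first added line puts `uint256 public constant MAX_PERCENTAGE = 100;` directly above the `require`, but a `public constant` is a state variable and must be declared at contract scope, so the patch does not compile if the declaration is inserted where the hunk shows it, next to the check inside the function. Move the declaration to the top of the contract. The revert string on the last line still spells out "0-100", so the literal survives there and can drift from the constant. The `/ 100` divisors quoted in the Description are not covered by this hunk and would need the same constant to keep validation and fee arithmetic on one scale.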
Do this for all
Updates

Appeal created

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
