Submission Details
Impact:
Likelihood:
Non-Specific Imports Reduce Code Clarity and Auditability
Description
-
Import statements should explicitly specify which contracts or functions are being imported to improve code clarity and reduce compilation size.
-
The contract uses non-specific imports that import entire files rather than specific contracts, making dependencies less explicit.
// @> Imports entire file instead of specific contract
import "@openzeppelin/contracts/access/Ownable.sol";
Risk
Likelihood:
-
Import statement affects every compilation
-
Code clarity issue is always present during auditing
Impact:
-
Dependencies are less explicit and harder to audit
-
Potential namespace pollution from unused imports
-
Slightly larger compiled contract size
-
Reduced code readability and maintainability
Proof of Concept
// Current approach - imports entire file
import "@openzeppelin/contracts/access/Ownable.sol";
// Better approach - explicit named import
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
Recommended Mitigation
- import "@openzeppelin/contracts/access/Ownable.sol";
+ import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.