Aptos Pizza Drop

Description

The get_random_slice function violates standard coding conventions by modifying state despite its name suggesting it should be a read-only getter function.
Getter functions should return values without side effects, but this function directly modifies the users_claimed_amount table.

Root Cause

The function is named as a getter (get_random_slice) but performs state modification operations instead of just returning a computed value. This breaks the separation of concerns and violates the expected behavior of getter functions.

Risk

Likelihood: High - Occurs every time the function is called

Impact: Low - Improper state handling that doesn't follow coding conventions

Impact

• Incorrect state handling: Function behavior contradicts its naming and expected functionality

• Unexpected side effects: Developers calling "getter" functions may not expect state modifications

• Protocol logic confusion: State changes hidden in getter functions can lead to integration errors

• Function responsibility violation: Single function handles both computation and state modification incorrectly

Proof of Concept

Current problematic implementation:

Issues identified:

• Function named get_* but performs table::add() operation affecting protocol state

• Violates expected behavior for getter functions, potentially causing integration issues

• Mixed responsibilities create incorrect state handling patterns

Recommended Mitigation

Separate the random computation from state modification to follow proper conventions:

Benefits of proper separation:

• Correct state handling: Function behavior matches its name and purpose

• Protocol integrity: State modifications are explicit and predictable

• Integration safety: External developers won't encounter unexpected state changes

• Function correctness: Each function has a single, clear responsibility