Aptos Pizza Drop

Cyfrin

Beginner FriendlyGameFi

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Missing return value in is_registered function

ghufranhassan1

Root + Impact

Description

The main purpose of the function is to check if a given user's address is present in the system's registry and return a simple true or false answer.
In the Move language, a function's final expression is its return value, but a semicolon terminates the expression, turning it into a statement that does not return a value. This causes a compilation error because the function is declared to return a bool but has no return value.

// Root cause in the codebase with @> marks to highlight the relevant section

public fun is_registered(user: address): bool acquires ModuleData, State {

let state = borrow_global<State>(get_resource_address());

@> table::contains(&state.users_claimed_amount, user);

}

Risk

Likelihood:

It is certain as this is not a probabilistic risk; it is a certainty. The code, as written, will fail to compile in the Move language. The compiler will throw an error because the function signature promises to return a bool value, but the function body does not return anything.

Impact:

The impact of this bug is high because it completely blocks the deployment and functionality of the entire smart contract.

Proof of Concept

This is the unit test demonstrating the bug in the function.

#[test_only]

module pizza_drop::is_registered_bug_poc {

use std::signer;

use aptos_framework::account;

use pizza_drop::airdrop;

/// This test exists to prove the is_registered function does not compile.

/// The test itself is valid, but it will cause a compilation error.

#[test(user = @0x123)]

#[expected_failure] // Expect the entire test to fail (at compilation)

fun test_is_registered_compilation_bug(user: &signer) {

// Setup: Create an account for the test address

account::create_account_for_test(@0x123);

// This line will cause a compilation error because is_registered()

// is declared to return bool but returns nothing (unit).

// The compiler will throw: "The function is_registered has return type bool but the body returns ()"

let is_user_registered = airdrop::is_registered(@0x123);

// This point is unreachable due to compilation error above

assert!(is_user_registered == false, 1);

}

Recommended Mitigation

The issue can be mitigated by adding the return keyword

- remove this code

+ add this code

public fun is_registered(user: address): bool acquires ModuleData, State {

let state = borrow_global<State>(get_resource_address());

- table::contains(&state.users_claimed_amount, user);

+ return table::contains(&state.users_claimed_amount, user);

}

Updates

Appeal created

bube Lead Judge 11 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

125

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.