Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

[L-3] Inappropriate naming of constant variables with `S_` prefix leads to confusion

cyberethdev

[L-3] Inappropriate naming of constant variables with S_ prefix leads to confusion

Description

  • Storage variables are usually denoted with the prefix S_ for clarity.

  • Constant variables are stored in the contract bytecode and not in storage slots so the prefix S_ is misleading.

@> uint256 constant public S_AUCTION_EXTENSION_DURATION = 15 minutes;
@> uint256 constant public S_MIN_NFT_PRICE = 0.01 ether;
@> uint256 constant public S_FEE_PERCENTAGE = 5;
@> uint256 constant public S_MIN_BID_INCREMENT_PERCENTAGE = 5;

Risk

Likelihood: High

  • All of the constant variables in the contract are wrongly denoted with the S_ prefix.

Impact: Low

  • The misleading naming of constant variables can lead to confusion when developers and auditors review the code.

Proof of Concept

A PoC is not necessary in this case. This is mainly an informational finding.

Recommended Mitigation

Remove the S_ prefix from all constant variables. Either do not use a prefix at all or if one is needed for consistency use the C_ prefix instead.

-uint256 constant public S_AUCTION_EXTENSION_DURATION = 15 minutes;
-uint256 constant public S_MIN_NFT_PRICE = 0.01 ether;
-uint256 constant public S_FEE_PERCENTAGE = 5;
-uint256 constant public S_MIN_BID_INCREMENT_PERCENTAGE = 5;
+uint256 constant public AUCTION_EXTENSION_DURATION = 15 minutes;
+uint256 constant public MIN_NFT_PRICE = 0.01 ether;
+uint256 constant public FEE_PERCENTAGE = 5;
+uint256 constant public MIN_BID_INCREMENT_PERCENTAGE = 5;
Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!