Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: medium
Invalid

Redundant Public Mapping Getters

Description

Public mappings in Solidity automatically generate getter functions for external access. The contract also defines explicit getter functions for the same mappings, creating unnecessary redundancy in the contract's ABI.

@>  mapping(uint256 => Listing) public listings;
@>  mapping(uint256 => Bid) public bids;

    function getListing(uint256 tokenId) public view returns (Listing memory) {
        return listings[tokenId];
    }

    function getHighestBid(uint256 tokenId) public view returns (Bid memory) {
        return bids[tokenId];
    }

Risk

Likelihood:

  • Occurs at contract deployment, as the ABI includes duplicate methods.

  • Occurs when interacting via tools like ethers.js, which can lead to confusion in function selection.

Impact:

  • Duplicated functionality.

Proof of Concept

The test mints and lists an NFT, then compares the tuple returned by the auto-generated public mapping getter with the struct returned by the explicit getter, asserting that the fields match to demonstrate that the two outputs are identical and redundant.

    function testRedundantGetters() public {
        _mintNFT();
        _listNFT();

        // Auto-generated public mapping getter returns a tuple
        (address seller1, uint256 minPrice1, uint256 buyNowPrice1, uint256 auctionEnd1, bool listed1) =
            market.listings(TOKEN_ID);

        // Explicit getter returns a struct
        BidBeastsNFTMarket.Listing memory listing2 = market.getListing(TOKEN_ID);

        // Both should return identical data
        assertEq(seller1, listing2.seller);
        assertEq(minPrice1, listing2.minPrice);
    }
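
The same overlap can be spotted in the compiled ABI without deploying anything. The script below is an added example, not part of the submission or the BidBeasts code base: the ABI fragment is constructed, and the `Bid` members, the `placeBid` entry and the helper names are assumptions.

```javascript
// Constructed ABI fragment in the JSON shape solc emits. Listing member names follow
// the PoC's destructuring; the Bid members and placeBid are assumptions.
const u256 = (name) => ({ name, type: "uint256" });
const LISTING = [
  { name: "seller", type: "address" }, u256("minPrice"), u256("buyNowPrice"),
  u256("auctionEnd"), { name: "listed", type: "bool" },
];
const BID = [{ name: "bidder", type: "address" }, u256("amount")];
const fn = (name, stateMutability, outputs) => ({
  type: "function", name, stateMutability, inputs: [u256("tokenId")], outputs,
});
const abi = [
  fn("listings", "view", LISTING), // auto-generated getter: one output per member
  fn("bids", "view", BID),
  fn("getListing", "view", [{ name: "", type: "tuple", components: LISTING }]),
  fn("getHighestBid", "view", [{ name: "", type: "tuple", components: BID }]),
  fn("placeBid", "payable", []), // hypothetical state-changing function, ignored
];

// Expand a struct (type "tuple") into its member types so that a struct return and
// a per-member return compare equal. Arrays of structs stay a single entry.
function flatten(params) {
  return params.flatMap((p) => {
    if (p.type === "tuple") return flatten(p.components);
    return p.components ? [`${p.type}<${flatten(p.components)}>`] : [p.type];
  });
}

// Heuristic: two view functions with the same input types and the same flattened
// output types are candidates for one being a redundant wrapper of the other.
function redundantGetters(abiJson) {
  const views = abiJson.filter(
    (f) => f.type === "function" && f.stateMutability === "view");
  const key = (f) => `${flatten(f.inputs)}->${flatten(f.outputs)}`;
  const pairs = [];
  for (let i = 0; i < views.length; i++) {
    for (let j = i + 1; j < views.length; j++) {
      if (key(views[i]) === key(views[j])) pairs.push([views[i].name, views[j].name]);
    }
  }
  return pairs;
}

console.log(redundantGetters(abi));
```

Pairs are candidates for manual review, since unrelated view functions can share the same signature shape. Where a struct has array or mapping members, the auto-generated getter omits them, so the pair no longer matches and the explicit getter is not redundant.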

Recommended Mitigation

Set the mappings to internal visibility, eliminating the auto-generated getters and removing explicit functions, for a cleaner ABI without duplication.

- mapping(uint256 => Listing) public listings;
- mapping(uint256 => Bid) public bids;
+ mapping(uint256 => Listing) internal listings;
+ mapping(uint256 => Bid) internal bids;
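
Review bot: the two changed lines alter only the visibility of `listings` and `bids`, while the text above also speaks of removing the explicit functions; if `getListing` and `getHighestBid` are removed as well, the contract exposes no function for reading a listing or the highest bid. Keep the two explicit getters and make only the mappings internal, so each value has exactly one accessor that returns the struct. The proof-of-concept test calls `market.listings(TOKEN_ID)`, which stops compiling once the mapping is internal, so the test needs to be updated in the same change.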

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
