Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Typo in SPDX License Identifier Breaks License Detection and unnecessary import of IERC20 contract

Root + Impact

Description

  1. In the codebase, the license identifier is misspelled as // SPDX-Lincense-Identifier: MIT, which prevents automated license-detection tools from detecting the license correctly. As a result, it could lead to issues in code auditing, licensing compliance, and automated tooling processes.

// Root cause in the codebase with @> marks to highlight the relevant section
// @> SPDX-Lincense-Identifier: MIT

  2. The following code was not required because we are not dealing with tokens other than faucet tokens.

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

Risk

Likelihood:

  • It is highly likely to go unnoticed during development because compilers do not currently throw errors or warnings for incorrect SPDX tags.

Impact:

  • License detection tools will not recognize the contract's licensing, possibly leading to the contract being treated as unlicensed or improperly licensed.
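A lint check for both issues described above, as an added example that is not part of the original submission or the audited codebase. The sample source, the contract name `Faucet`, the pragma version and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

SPDX_KEY = "SPDX-License-Identifier"
# Text between a "//" comment marker and the first colon on that line.
COMMENT_KEY = re.compile(r"//\s*(?:@>\s*)?([^:\n]{1,40}?)\s*:")
NAMED_IMPORT = re.compile(r"import\s*\{([^}]*)\}\s*from\s*[\"'][^\"']+[\"']\s*;")

def check_spdx(source):
    """Return ('ok' | 'misspelled' | 'missing', matched comment key or None)."""
    keys = [m.group(1) for m in COMMENT_KEY.finditer(source)]
    if SPDX_KEY in keys:
        return ("ok", SPDX_KEY)
    for key in keys:
        # A near miss such as "SPDX-Lincense-Identifier" scores about 0.98.
        if SequenceMatcher(None, key.lower(), SPDX_KEY.lower()).ratio() >= 0.85:
            return ("misspelled", key)
    return ("missing", None)

def unused_named_imports(source):
    """Names from `import {A, B as C} from "..."` never referenced afterwards.
    Heuristic: a name that appears only inside a comment still counts as used."""
    body = NAMED_IMPORT.sub("", source)  # ignore import lines and their paths
    unused = []
    for m in NAMED_IMPORT.finditer(source):
        for item in m.group(1).split(","):
            name = item.split(" as ")[-1].strip()
            if name and not re.search(r"\b%s\b" % re.escape(name), body):
                unused.append(name)
    return unused

# Constructed sample reproducing the two issues in this finding.
SAMPLE = '''// SPDX-Lincense-Identifier: MIT
pragma solidity ^0.8.30;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract Faucet is ERC20 {
    constructor() ERC20("Faucet", "FCT") {}
}
'''

if __name__ == "__main__":
    print(check_spdx(SAMPLE))
    print(unused_named_imports(SAMPLE))
```

Run over each `.sol` file in CI and fail the build on any status other than `ok` or on a non-empty unused-import list.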

Recommended Mitigation

- // SPDX-Lincense-Identifier: MIT
+ // SPDX-License-Identifier: MIT
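Review bot: The mitigation only corrects the SPDX line; the finding's second item, the unused IERC20 import, has no matching removal in this diff. Add a `- import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";` line so the patch covers both issues named in the title.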
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
