Use of Large Literal Value Instead of Scientific Notation in `RaiseBoxFaucet::INITIAL_SUPPLY`
Root + Impact
Description
The RaiseBoxFaucet contract defines a constant INITIAL_SUPPLY to represent the initial token supply. This constant is calculated as 1000000000 * 10 ** 18, which results in a large number with many zeros, making it harder to read and verify.
The issue is that large literal values, such as 1000000000 * 10 ** 18, are prone to misinterpretation or errors when counting zeros. Using scientific notation (e.g., 1e27) improves readability and aligns with Solidity best practices.
Risk
Likelihood:
-
Developers reviewing the code misinterpret the number of zeros in
1000000000 * 10 ** 18. -
Future modifications to the contract overlook the exact value due to its cumbersome representation.
Impact:
-
Reduced code readability makes it harder for auditors and developers to verify the correctness of the constant.
-
Potential errors in manual calculations or updates to the constant value during maintenance.
Proof of Concept
The following example demonstrates how the large literal value affects readability:
Recommended Mitigation
Replace the large literal value with scientific notation to improve readability and reduce the risk of errors.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.