Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Impact: low
Likelihood: high
Invalid

Unused Import and Error Declaration in `RaiseBoxFaucet.sol`

Root + Impact

Description

The import `{IERC20}` at line 6 is declared but never referenced in the contract, which inherits directly from ERC20 (which already provides the IERC20 interface) and so does not need the explicit import for its implementation. Similarly, the custom error `RaiseBoxFaucet_CannotClaimAnymoreFaucetToday()` is defined but not used in any revert statement, suggesting it was intended for a daily limit check that was never implemented.

Unused imports and errors increase the contract's size, leading to higher gas for deployment and storage. They also clutter the codebase, making audits more time-consuming as reviewers must verify irrelevance.

```solidity
// @> Root cause in the codebase
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; // @> Unused import
// Later:
error RaiseBoxFaucet_CannotClaimAnymoreFaucetToday(); // @> Unused error
```

Risk

Likelihood:

  • High: Common in iterative development where features are planned but discarded without cleanup.

  • Easily overlooked in large contracts with many imports.

Impact:

  • Low: Negligible runtime effects, but ~0.1-1% increase in deployment gas from extra bytecode.

  • Maintenance burden: Clutter slows reviews and may hide real issues.

Proof of Concept

The following Foundry test confirms the import and error are unused: compilation succeeds, but static analysis (e.g., Slither) flags them, and the contract functions without referencing either.

Run Slither for verification:

```bash
slither src/RaiseBoxFaucet.sol --detect unused-return,unused-import
```

Expected output flags the import and error as unused.

To simulate, add a test that compiles the contract and verifies no usage:

```solidity
function testUnusedElements() public {
    // Contract deploys successfully
    RaiseBoxFaucet faucet = new RaiseBoxFaucet("Test", "T", 1e18, 0.01 ether, 1 ether);
    // No usage of IERC20 or error – test passes if no runtime reference
    assertTrue(true); // Placeholder: Slither would flag in analysis
}
```

Explanation

  • Setup: Deploys the contract, which compiles despite unused elements.

  • Issue Demonstration: Slither detects "unused-import" for IERC20 and unused custom error. Runtime tests pass, but static analysis confirms bloat.

  • Result: The contract works, but unused code adds unnecessary size, verifiable via `forge inspect RaiseBoxFaucet bytecode` showing extra bytes.

  • The test highlights the elements without crashing, proving they are dead code.
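
Since the Foundry test above cannot itself observe dead declarations, the following added example (not part of the original submission or the project's code) shows a source-level check that lists named imports and custom errors never referenced in a single Solidity file. The sample contract text is constructed, and the regex scan is a simplification that assumes one file and no full Solidity parser.

```python
import re

# Constructed sample: a trimmed-down contract mirroring the two declarations
# discussed above (not the real RaiseBoxFaucet.sol source).
SAMPLE = '''
pragma solidity ^0.8.30;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
// IERC20 is only mentioned in this comment
contract RaiseBoxFaucet is ERC20 {
    error RaiseBoxFaucet_CannotClaimAnymoreFaucetToday();
    error RaiseBoxFaucet_InsufficientContractBalance();
    constructor() ERC20("Test", "T") {}
    function claim() external {
        if (balanceOf(address(this)) == 0) {
            revert RaiseBoxFaucet_InsufficientContractBalance();
        }
    }
}
'''

# Strings and comments are matched in one pass so "//" inside a string is not a comment.
_NOISE = re.compile(r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)

def strip_noise(src):
    """Blank out string literals and comments so mentions inside them do not count as uses."""
    return _NOISE.sub(lambda m: '""' if m.group()[0] in '"\'' else ' ', src)

def unused_declarations(src):
    """Return sorted (kind, name) pairs declared in src but never referenced in it."""
    code = strip_noise(src)
    declared = {}
    for m in re.finditer(r'\bimport\s*\{([^}]*)\}\s*from\b', code):
        for item in m.group(1).split(','):
            parts = item.split()
            if parts:
                declared[parts[-1]] = 'import'  # "A as B" binds the local name B
    for m in re.finditer(r'\berror\s+([A-Za-z_$][\w$]*)\s*\(', code):
        declared[m.group(1)] = 'error'
    # Remove the declarations themselves, then search what is left for any reference.
    body = re.sub(r'\bimport\b[^;]*;', ' ', code)
    body = re.sub(r'\berror\s+[A-Za-z_$][\w$]*\s*\([^)]*\)\s*;', ' ', body)
    return sorted((kind, name) for name, kind in declared.items()
                  if not re.search(r'(?<![\w$])' + re.escape(name) + r'(?![\w$])', body))

if __name__ == "__main__":
    for kind, name in unused_declarations(SAMPLE):
        print(f"unused {kind}: {name}")
```

An error or import reported here may still be referenced from another file (tests, inheriting contracts), so treat the output as candidates to confirm before deleting.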

Recommended Mitigation

Remove the unused import and error declaration to streamline the code and reduce bytecode size.

- import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
- error RaiseBoxFaucet_CannotClaimAnymoreFaucetToday();
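
Review bot: the second removed line drops RaiseBoxFaucet_CannotClaimAnymoreFaucetToday() without settling the question the description itself raises, that the error looks intended for a daily limit check that was never implemented. Before deleting it, confirm that the daily claim limit is enforced somewhere else in the contract; if it is not, the better change is to add the missing check and revert with this error rather than remove the declaration. The IERC20 removal on the first line is fine as long as nothing else in the file references the type.
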
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
