Raisebox Faucet

First Flight #50
Beginner Friendly, Solidity
Submission Details
Impact: low
Likelihood: low
Invalid

Redundant Getter Function for Public State Variable in `RaiseBoxFaucet::getClaimer`

Root + Impact

Description

The faucetClaimer state variable is declared as public, which instructs the Solidity compiler to generate a getter function faucetClaimer() that takes no arguments and returns its value. The explicit getClaimer() function performs the identical operation (return faucetClaimer;), making it redundant. This duplication adds unnecessary bytecode to the contract, slightly increasing deployment costs and complicating code review, as developers may question the purpose of the explicit function.

While harmless in isolation, such redundancies can accumulate in larger contracts, contributing to higher gas usage and potential confusion during maintenance or upgrades.

    // @> Root cause in the codebase
    address public faucetClaimer; // @> Public declaration auto-generates faucetClaimer() getter

    function getClaimer() public view returns (address) { // @> Redundant explicit getter
        return faucetClaimer;
    }

Risk

Likelihood:

  • Low: The redundancy does not affect runtime execution and is easily spotted in reviews.

  • More likely in iterative development where explicit getters are added without removing the public visibility from the variable.

Impact:

  • Low: Minimal gas overhead (negligible for deployment), but contributes to code bloat in larger contracts.

  • Maintainability issues: Developers may prefer the explicit function, overlooking the automatic one, leading to inconsistent usage.

Proof of Concept

The following Foundry test demonstrates equivalence: Both the automatic faucetClaimer() and explicit getClaimer() return the same value after a claim, confirming redundancy.

Add the following to the RaiseBoxFaucetTest.t.sol test:

Proof of Code
    function testGettersEquivalent() public {
        // Arrange: Perform a claim to set faucetClaimer
        vm.prank(user1);
        raiseBoxFaucet.claimFaucetTokens(); // Sets faucetClaimer = user1

        // Act & Assert: Both getters return the same value
        assertEq(raiseBoxFaucet.faucetClaimer(), user1); // Automatic getter
        assertEq(raiseBoxFaucet.getClaimer(), user1); // Explicit getter - identical

        // Verify redundancy: No functional difference
        console.log("Automatic getter:", raiseBoxFaucet.faucetClaimer());
        console.log("Explicit getter:", raiseBoxFaucet.getClaimer());
    }

Explanation

  • Setup: Calls claimFaucetTokens to set faucetClaimer to user1.

  • Issue Demonstration: Both getters return user1, proving getClaimer adds no value.

  • Result: The test passes, confirming the functions are identical, highlighting the redundancy in code size and maintenance.

  • The output logs matching values, illustrating the unnecessary duplication.

Recommended Mitigation

Remove the explicit getClaimer function, relying on the automatic getter that the compiler generates for the public state variable. This eliminates redundancy without changing behavior.

- function getClaimer() public view returns (address) {
- return faucetClaimer;
- }
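
Review bot: deleting `getClaimer()` here is an external interface change, not only a cleanup. The function's selector disappears from the contract, so any test, script or off-chain client that still calls `getClaimer()` will fail after this hunk is applied. The change should update those call sites to `faucetClaimer()` in the same diff, or state that none exist.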

To access the value, use faucetClaimer() directly. If a custom name or additional logic is needed, make faucetClaimer private and keep the explicit getter.
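
The Description claims the explicit getter adds bytecode, while the Proof of Concept only shows that the two getters return the same value. The Foundry test below is an added example, not part of the submission or the RaiseBoxFaucet code base, that measures the size difference directly. The contracts WithExplicitGetter and PublicOnly are hypothetical minimal stand-ins that differ only in the extra getter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, console} from "forge-std/Test.sol";

// Hypothetical stand-in: public variable plus the explicit getter from the finding.
contract WithExplicitGetter {
    address public faucetClaimer;

    function getClaimer() public view returns (address) {
        return faucetClaimer;
    }
}

// Hypothetical stand-in: the same variable with only the compiler-generated getter.
contract PublicOnly {
    address public faucetClaimer;
}

contract RedundantGetterSizeTest is Test {
    function testExplicitGetterAddsRuntimeBytecode() public {
        WithExplicitGetter withGetter = new WithExplicitGetter();
        PublicOnly publicOnly = new PublicOnly();

        // Runtime code stored on-chain for each deployment.
        uint256 sizeWith = address(withGetter).code.length;
        uint256 sizeWithout = address(publicOnly).code.length;

        console.log("Runtime size with getClaimer():", sizeWith);
        console.log("Runtime size without getClaimer():", sizeWithout);
        console.log("Extra bytes:", sizeWith - sizeWithout);

        // The extra external function costs at least one more selector
        // entry in the dispatcher, so the runtime code must be larger.
        assertGt(sizeWith, sizeWithout);

        // Both getters read the same storage slot and return the same value.
        assertEq(withGetter.getClaimer(), withGetter.faucetClaimer());
    }
}
```

Running it with `forge test -vv` prints the byte counts, which puts a number on the overhead when deciding whether the finding meets a severity threshold.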

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
