Raisebox Faucet
First Flight #50
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

Misspelled SPDX License Identifier, maybe cause warning

zhongguangyang0907

Misspelled SPDX License Identifier, maybe cause warning

Description

  • Normally, Solidity source files include a correctly formatted SPDX license identifier as the first line to declare the file license and avoid compiler warnings.

  • The issue is that the SPDX identifier is misspelled in both ./script/DeployRaiseBoxFaucet.s.sol and ./src/RaiseBoxFaucet.sol as shown below, causing compiler warnings and potential tooling/license-parsing issues.

// Root cause in the codebase with @> marks to highlight the relevant section
// @> incorrect spelling
//SPDX-Lincense-Identifier: MIT

Risk

Likelihood:

  • Occurs any time the project is compiled or scanned by static analysis / CI that checks SPDX headers.

  • Present in every build unless the files are fixed.

Impact:

  • Triggers Solidity compiler warnings and may flag CI pipelines.

  • Some license-parsing tools or scanners may fail to recognize the license, hindering automated compliance checks.

Proof of Concept

// Reproduction steps:
// 1. Run `solc`, `hardhat compile` or `forge build` on the repository.
// 2. Observe a compiler warning referencing an unrecognized or malformed SPDX header.
// Example (file contains the misspelled header):
// //SPDX-Lincense-Identifier: MIT

Recommended Mitigation

- //SPDX-Lincense-Identifier: MIT
+ // SPDX-License-Identifier: MIT
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.