BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

`winner::BriVault` state variable should be made private.

elo_anxiety

Root + Impact : winner:BriVault state variable should be made private as the contract uses a getWinner function, therefore increasing the gas fee.

Description

  • In the BriVault contract, the visibility specifier for winner state variable is public.

  • The contract uses a getWinner function, which returns the value of winner state variable.

  • Use of public specifier for a state variable also creates a view function, but the view function is already there for winner public variable (i.e. getWinner).

  • Making the variable winner private will reduce the gas price and hence optimize the code.

contract BriVault is ERC4626, Ownable {
...
@> string public winner;
...
...
function getWinner() public view returns (string memory) {
return winner;
}
...
}

Risk

Likelihood: Low

Impact: Low

Proof of Concept

  • A user who wants to see the winner, actually has 2 options:

    1.) call the getWinner function

    2.) call the winner function (as it's declared public).

  • Hence, it is just a waste of gas, therefore winner should be made private .

Recommended Mitigation

  • It is best recommended to change the visibility specifier for winner from public -> private

contract BriVault is ERC4626, Ownable {
...
- string public winner;
+ string private winner;
...
...
function getWinner() public view returns (string memory) {
return winner;
}
...
}
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Gas optimizations

Gas optimizations are invalid according to the CodeHawks documentation.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!