Token-0x

First Flight #54

Beginner FriendlyDeFi

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

Non-Standard Internal Function Naming (totalSupply_)

smartshielder

Non-Standard Internal Function Naming (`totalSupply_`) + Low

Description

Normal behavior: Internal state variables in ERC-20 contracts use a leading underscore (e.g., _totalSupply) to indicate private/internal access. Standard practice is to access this variable directly internally.

Issue: The contract defines an internal function totalSupply_() to return the value of _totalSupply. This naming is confusing, non-standard, and unnecessary for internal use. Internal code should access _totalSupply directly.

function totalSupply_() internal view returns (uint256) { @> // Non-standard internal naming

assembly {

let slot := _totalSupply.slot

let supply := sload(slot)

mstore(0x00, supply)

return(0x00, 0x20)

}

Risk

Likelihood: Low

Reason 1: Developers may call totalSupply_() unnecessarily instead of _totalSupply, creating confusion.
Reason 2: Auditors or external tooling might misinterpret this internal function as part of the contract’s external API.

Impact: Low

Impact 1: Confusion for maintainers or auditors.
Impact 2: Minor unnecessary gas cost due to calling a function instead of reading the storage variable directly.

Proof of Concept

totalSupply_() is not a standard naming for the internal functions across the project.

// Internal access using non-standard function:

uint256 supply = totalSupply_();

// Recommended internal access:

uint256 supply = _totalSupply;

Recommended Mitigation

Rename totalSupply_() function to _totalSupply() to follow the standard naming.

- function totalSupply_() internal view returns (uint256) {

+ function _totalSupply() internal view returns (uint256) {

assembly {

let slot := _totalSupply.slot

let supply := sload(slot)

mstore(0x00, supply)

return(0x00, 0x20)

}

Updates

Lead Judging Commences

gaurangbrdv Lead Judge 18 days ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

222

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.