SNARKeling Treasure Hunt

First Flight #59
Beginner Friendly, GameFi, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: low

Potential deployment incompatibility due to PUSH0 opcode usage on non-Shanghai EVM chains

Author Revealed upon completion

Unused custom errors increase code noise and indicate inconsistent revert pattern usage

Description

  • The contract defines multiple custom errors that are not referenced anywhere in the codebase. Instead, the contract relies on inline require statements with string-based revert messages.

  • The presence of unused errors increases code noise and may indicate incomplete refactoring or inconsistent design choices in revert handling.

// @> None of the following custom errors are referenced anywhere in the codebase
error OnlyOwnerCanFund();
error NoFundsToWithdraw();
error HuntNotOver();
error OwnerCannotBeRecipient();
error OnlyOwnerCanPause();
error OnlyOwnerCanUnpause();
error TheContractMustBePaused();
error OnlyOwnerCanUpdateVerifier();
error OnlyOwnerCanEmergencyWithdraw();
error InvalidAmount();

Risk

Likelihood:

  • The unused custom errors are present in the deployed contract as defined but unreferenced declarations, making this a certainty rather than a conditional occurrence.

  • Any future developer or auditor reading the codebase will encounter this inconsistency, as the contract simultaneously defines custom errors and uses string-based require statements throughout.

Impact:

  • The presence of unused errors increases code noise and may indicate incomplete refactoring or inconsistent design choices in revert handling.

Proof of Concept

// Instances of unused custom errors:
// - TreasureHunt::OnlyOwnerCanFund
// - TreasureHunt::NoFundsToWithdraw
// - TreasureHunt::HuntNotOver
// - TreasureHunt::OwnerCannotBeRecipient
// - TreasureHunt::OnlyOwnerCanPause
// - TreasureHunt::OnlyOwnerCanUnpause
// - TreasureHunt::TheContractMustBePaused
// - TreasureHunt::OnlyOwnerCanUpdateVerifier
// - TreasureHunt::OnlyOwnerCanEmergencyWithdraw
// - TreasureHunt::InvalidAmount

Recommended Mitigation

Either remove unused custom errors to reduce code clutter, or refactor the contract to consistently use custom errors instead of string-based require statements.
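One way to check for this pattern before or after the refactor, as an added example that is not part of the original submission or the project's code: a small Python script that lists custom errors declared but never referenced and counts string-based require statements. The function name `audit_reverts`, the `NotPaused` error, and the require conditions and messages in the sample are assumptions made for illustration; only the two unused error names come from the finding.

```python
import re

# Constructed sample: two error names from the finding, a hypothetical used
# error (NotPaused), and string-based requires with made-up messages.
SAMPLE_SOURCE = '''
contract TreasureHunt {
    error OnlyOwnerCanFund();
    error InvalidAmount();
    error NotPaused();
    // revert InvalidAmount();  commented-out code must not count as a use
    function fund() external payable {
        require(msg.sender == owner, "ONLY_OWNER");
        require(msg.value > 0, "bad amount");
    }
    function unpause() external {
        if (!paused) revert NotPaused();
    }
}
'''

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
ERROR_DECL = re.compile(r"\berror\s+([A-Za-z_]\w*)\s*\(")
STRING_REQUIRE = re.compile(r"\brequire\s*\([^;]*?,\s*\"[^\"]*\"\s*\)\s*;", re.S)


def audit_reverts(source):
    """Return declared errors, unused errors, and the string-require count."""
    # Naive comment stripping: a "//" inside a string literal is also cut.
    code = COMMENTS.sub("", source)
    declared = ERROR_DECL.findall(code)
    unused = []
    for name in declared:
        # Any mention besides the declaration counts as a use:
        # revert Name(...), Name.selector, require(cond, Name()).
        if len(re.findall(rf"\b{re.escape(name)}\b", code)) <= 1:
            unused.append(name)
    return {
        "declared": declared,
        "unused": unused,
        "string_requires": len(STRING_REQUIRE.findall(code)),
    }


if __name__ == "__main__":
    report = audit_reverts(SAMPLE_SOURCE)
    print("unused custom errors:", report["unused"])
    print("string-based require statements:", report["string_requires"])
```

The script inspects a single source string, so errors referenced only from other files would need those files concatenated into the input first.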
