Submission Details
Impact:
Likelihood:
Ten custom errors declared but never emitted
Author Revealed upon completion
Description
contracts/src/TreasureHunt.sol:14-25 declares seventeen custom errors; only nine are used with revert ErrorName(). The other ten are shadowed by string-based requires in the admin functions.
Risk
Dead ABI entries. Revert-path gas for the ten string requires is higher than the custom-error equivalent. Consumers must handle two revert formats.
PoC
The ten unused errors and their shadows:
| Error | Line | Shadowed by |
|---|---|---|
OwnerCannotBeRecipient |
14 | InvalidRecipient (L86) |
HuntNotOver |
16 | "HUNT_NOT_OVER" (L224) |
NoFundsToWithdraw |
17 | "NO_FUNDS_TO_WITHDRAW" (L227) |
OnlyOwnerCanFund |
18 | "ONLY_OWNER_CAN_FUND" (L237) |
OnlyOwnerCanPause |
19 | "ONLY_OWNER_CAN_PAUSE" (L246) |
OnlyOwnerCanUnpause |
20 | "ONLY_OWNER_CAN_UNPAUSE" (L255) |
TheContractMustBePaused |
22 | "THE_CONTRACT_MUST_BE_PAUSED" (L264, L274) |
OnlyOwnerCanUpdateVerifier |
23 | "ONLY_OWNER_CAN_UPDATE_VERIFIER" (L265) |
OnlyOwnerCanEmergencyWithdraw |
24 | "ONLY_OWNER_CAN_EMERGENCY_WITHDRAW" (L275) |
InvalidAmount |
25 | "INVALID_AMOUNT" (L277) |
Mitigation
Replace each require(cond, "...") with if (!cond) revert ErrorName();, or delete the unused declarations.
Rewards breakdown
nSLOC
220This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.