Puppy Raffle

AI First Flight #1

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

[G-01] Use of Constant Variables for Static URIs (Gas Optimization + Standardization)

lyes_boudjabout

Description

The contract defines several private string variables for storing IPFS URIs of different puppy types:

string private commonImageUri = "ipfs://QmSsYRx3LpDAb1GZQm7zZ1AuHZjfbPkD6J7s9r41xu1mf8";

string private rareImageUri = "ipfs://QmUPjADFGEKmfohdTaNcWhp7VGk26h5jXDA7v3VtTnTLcW";

string private legendaryImageUri = "ipfs://QmYx6GsYAKnNzZ9A6NvEKV9nf1VaDzJrqDR23Y8YSkebLU";

These URIs are static and immutable after deployment, meaning their values never change. In Solidity, variables whose values are constant should be declared using the constant keyword. This improves gas efficiency and clearly signals the developer that the values are fixed.

Risk

Severity: Low
Type: Gas optimization / Readability
Impact: No security vulnerability exists. However, using regular storage variables for static values consumes unnecessary gas on deployment and can mislead developers regarding mutability.

Impact:

Gas efficiency: Declaring these variables as constant stores the values directly in the bytecode instead of storage, reducing gas cost for deployment and access.
Readability: Signals clearly that the values are fixed, reducing the risk of accidental modification.
Best Practices: Aligns with Solidity style guides for immutable values.

Proof of Concept

Current declaration:

string private commonImageUri = "ipfs://QmSsYRx3LpDAb1GZQm7zZ1AuHZjfbPkD6J7s9r41xu1mf8";

string private rareImageUri = "ipfs://QmUPjADFGEKmfohdTaNcWhp7VGk26h5jXDA7v3VtTnTLcW";

string private legendaryImageUri = "ipfs://QmYx6GsYAKnNzZ9A6NvEKV9nf1VaDzJrqDR23Y8YSkebLU";

Recommended change using constant:

- string private commonImageUri = "ipfs://QmSsYRx3LpDAb1GZQm7zZ1AuHZjfbPkD6J7s9r41xu1mf8";

+ string private constant COMMON_IMAGE_URI = "ipfs://QmSsYRx3LpDAb1GZQm7zZ1AuHZjfbPkD6J7s9r41xu1mf8";

- string private rareImageUri = "ipfs://QmUPjADFGEKmfohdTaNcWhp7VGk26h5jXDA7v3VtTnTLcW";

+ string private constant RARE_IMAGE_URI = "ipfs://QmUPjADFGEKmfohdTaNcWhp7VGk26h5jXDA7v3VtTnTLcW";

- string private legendaryImageUri = "ipfs://QmYx6GsYAKnNzZ9A6NvEKV9nf1VaDzJrqDR23Y8YSkebLU";

+ string private constant LEGENDARY_IMAGE_URI = "ipfs://QmYx6GsYAKnNzZ9A6NvEKV9nf1VaDzJrqDR23Y8YSkebLU";

Explanation:

The - lines show the current mutable storage variables.
The + lines show the recommended constant variables with uppercase naming to follow Solidity conventions.
Any references to these variables in functions should be updated to match the new names. For example:

function getCommonUri() external pure returns (string memory) {

- return commonImageUri;

+ return COMMON_IMAGE_URI;

}

This preserves functionality while improving gas efficiency and readability.

Recommended Mitigation

Declare static string variables as constant to reduce deployment and access gas costs.
Rename variables to uppercase with underscores, following Solidity naming conventions for constants.
Update all references in contract logic to use the new constant names.
Document the use of constant for static values in project coding guidelines for consistency.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 4 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!