One usually expects a variable with the word "list" in its name to be of a type that can list items.
Instead, the variable is a single address.
Likelihood:
The risk is for a developer to misunderstand this variable as something other than an address.
Impact:
The impact could be that devs misunderstand the logic of the contract.
Although compilation errors will flag this if a dev writes code that attempts to interact with i_santasList as if it were an array, etc., we do not want to even introduce the concept of this variable as an array, tuple, mapping, etc. It should be easily identifiable as an address.
The naming of the variable should be updated where it is declared and any other place it is called.
The contest is live. Earn rewards by submitting a finding.
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsThe contest is complete and the rewards are being distributed.