Snowman Merkle Airdrop

AI First Flight #10
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Submission Details
Impact: low
Likelihood: low
Invalid

Root + Impact

Unused Ownable inheritance in Snow.sol wastes deployment gas and increases attack surface

Description

  • Snow.sol inherits from OpenZeppelin's Ownable and sets the deployer as owner in the constructor. However, the onlyOwner modifier is never used anywhere in the contract.

// Snow.sol
@> contract Snow is ERC20, Ownable { // Ownable is imported but never used
@> constructor(...) ERC20("Snow", "S") Ownable(msg.sender) { // Initializes unused owner

Risk

Likelihood:

  • This is a code quality and gas efficiency issue present at deployment time.

Impact:

  • ~20,000 gas wasted on deployment for the Ownable storage slot (_owner) that is never read or written after construction.

Proof of Concept

Explanation: This PoC demonstrates that while the contract successfully instantiates an owner, the entire codebase uses onlyCollector rather than onlyOwner, leaving the inheritance redundant.

function testOwnableNeverUsed() public {
// The owner is set but never checked by any function
address owner = snow.owner();
assertEq(owner, address(deployer));
}

Recommended Mitigation

Explanation: Removing the Ownable inheritance and its initialization from the constructor cleans up the contract structure and saves deployment gas.

- import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
- contract Snow is ERC20, Ownable {
+ contract Snow is ERC20, ReentrancyGuard {
// ...
- constructor(address _weth, uint256 _buyFee, address _collector) ERC20("Snow", "S") Ownable(msg.sender) {
+ constructor(address _weth, uint256 _buyFee, address _collector) ERC20("Snow", "S") {
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 10 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!