Hardcoding numbers is error-prone #203
Labels
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Warden finding
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
pauliax
Vulnerability details
Impact
Hardcoding numbers that depend on other variables is error-prone, e.g.
require(newOwnerSplit <= 2e17); // 20%
You must not forget to update this if you decide to change the BASE value.
Recommended Mitigation Steps
Better define a separate constant that directly depends on the BASE, e.g.:
uint256 private constant MAX_OWNER_SPLIT = BASE / 5; // 20%
require(newOwnerSplit <= MAX_OWNER_SPLIT);
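As an added example (not part of the original finding or the audited code), a small Python check that flags `require` bounds written as bare numeric literals and reports each one as a fraction of `BASE`. The sample contract, the `BASE` value of `1e18` and the function names are constructed for illustration.

```python
import re
from fractions import Fraction

# Constructed sample modelled on the snippets in the finding; the BASE value
# and the function names are assumptions, not the audited contract.
SAMPLE = """
contract Example {
    uint256 private constant BASE = 1e18;
    uint256 private constant MAX_OWNER_SPLIT = BASE / 5; // 20%
    uint256 public ownerSplit;

    function setOwnerSplitHardcoded(uint256 newOwnerSplit) external {
        require(newOwnerSplit <= 2e17); // 20%
        ownerSplit = newOwnerSplit;
    }

    function setOwnerSplit(uint256 newOwnerSplit) external {
        require(newOwnerSplit <= MAX_OWNER_SPLIT);
        ownerSplit = newOwnerSplit;
    }
}
"""

NUM = r"\d[\d_]*(?:e\d+)?"  # integer literal, optionally in scientific form
CONST_RE = re.compile(rf"constant\s+(\w+)\s*=\s*({NUM})\s*;")
REQUIRE_RE = re.compile(rf"require\s*\(\s*\w+\s*(<=|<|>=|>)\s*({NUM})\s*[,)]")

def parse_literal(text):
    """Parse a Solidity integer literal such as 2e17 or 1_000 exactly."""
    mantissa, _, exponent = text.replace("_", "").lower().partition("e")
    return int(mantissa) * 10 ** int(exponent or 0)

def find_hardcoded_bounds(source, base_name="BASE"):
    """Return (line_no, literal, fraction_of_base) for every require() that
    compares a variable against a bare numeric literal."""
    consts = {name: parse_literal(val) for name, val in CONST_RE.findall(source)}
    base = consts.get(base_name)
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        match = REQUIRE_RE.search(line)
        if match:
            value = parse_literal(match.group(2))
            ratio = Fraction(value, base) if base else None
            findings.append((line_no, match.group(2), ratio))
    return findings
```

Running it on the same source with `BASE` changed to `1e6` reports a ratio far above 1 for the literal bound, while the `MAX_OWNER_SPLIT` check is not flagged because it follows `BASE`.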