F-2025-0020·gas-optimization

Use custom errors instead of string revert messages

Acknowledgedstakingnft-boostrewards
TL;DR

Contract uses string revert messages throughout instead of custom errors, missing the deployment and runtime gas savings introduced in Solidity 0.8.4.

Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

The contract uses string messages in require statements throughout the code:

solidity
require(_stakingToken != address(0), "Staking token address cannot be zero");
require(_nftContract != address(0), "NFT contract address cannot be zero");
require(msg.sender == owner, "Only owner can call this function");
// ... more require statements with strings

Custom errors, introduced in Solidity 0.8.4, are more gas-efficient and provide better error handling capabilities:

  • Save deployment gas (no need to store error strings).
  • Save runtime gas (cheaper than require with strings).
  • Allow passing parameters for better error details.
  • Provide clearer error handling in the frontend.
03Section · Recommendation

Recommendation

Replace require statements with custom errors:

solidity
error ZeroAddress(string parameter);
error Unauthorized(address caller, string role);
error InvalidAmount(uint amount, string reason);
ZEALYNX SECURITY · published 2025-05-19
F-2025-0020

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx