# #41765 \[SC-Insight] Storage slots only set in constructor should be declared \`immutable\` **Submitted on Mar 18th 2025 at 07:54:52 UTC by @Victor\_TheOracle for** [**Audit Comp | Yeet**](https://immunefi.com/audit-competition/audit-comp-yeet) * **Report ID:** #41765 * **Report Type:** Smart Contract * **Report severity:** Insight * **Target:** * **Impacts:** ## Description ## Brief/Intro The issue involves two state variables in the `yeetback.sol` contract that are set only during construction but are not declared as `immutable`. In non-upgradeable contracts, failing to mark such variables as immutable results in unnecessary gas costs since these variables occupy storage slots, potentially increasing the cost of contract interactions on mainnet. ## Vulnerability Details In Solidity, variables that are assigned a value only once in the constructor and never modified should be declared as immutable. This allows the Solidity compiler to optimize these variables by embedding their values directly into the bytecode rather than storing them in a storage slot. In `yeetback.sol`, the variables `entropy` and `entropyProvider` are initialized in the constructor but are not declared as `immutable`: ```solidity /// @dev The entropy contract address //@audit (info) -----> Should be immutable IEntropy private entropy; /// @dev The address of the entropy provider //@audit (info) -----> Should be immutable address private entropyProvider; ``` ```solidity constructor(address _entropy, address _entropyProvider) Ownable(msg.sender) { require(_entropy != address(0), "Yeetback: Invalid entropy address"); require(_entropyProvider != address(0), "Yeetback: Invalid entropy provider address"); entropy = IEntropy(_entropy); entropyProvider = _entropyProvider; } ``` ## Impact Details The main impact of this vulnerability is increased gas consumption during contract execution. By storing these values in storage rather than embedding them in the contract's code, each access to these variables requires an SLOAD operation, which is more gas-intensive. ## References Relevant Code snippet: ## Proof of Concept ## Proof of Concept --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/yeet/41765-sc-insight-storage-slots-only-set-in-constructor-should-be-declared-immutable.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.