Solidity

Custom Error

A custom error is a Solidity error type declared with error Name(args) and used to revert with structured, gas-efficient data.

A custom error is a named revert that is cheaper and easier to test than a long revert string.

Custom Error Explained in Detail

Custom errors are declared with the error keyword and raised with a revert statement. The revert data carries the error's selector followed by its encoded arguments, similar to function-call data.

They are usually cheaper than revert strings and make tests more precise.

Smart contract example

error NotOwner(address caller);

if (msg.sender != owner) revert NotOwner(msg.sender);

Tests can check the exact error selector and arguments.

Custom Error in Auditing

Custom errors document expected failure paths. Precise errors also help tests prove that a function failed for the intended reason, not because of an unrelated revert.

Auditors use them to understand control flow and authorization failures.

Red flags in code

  • Different failure cases use the same vague error.

  • Access-control failures emit the wrong error.

  • Sensitive data is included in error arguments.

  • Low-level callers ignore or mis-handle revert data.

  • Tests only expect any revert instead of the intended error.

How to test or review it

  • Assert exact custom errors for important failure paths.

  • Check error arguments match the failed condition.

  • Review low-level call wrappers that bubble errors.

  • Ensure errors support debugging without leaking sensitive data.

  • Use errors to distinguish authorization, validation, and state failures.
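The review points above, as an added example that is not code from the original page: a Foundry test that asserts the exact error and argument for each failure path, including through a low-level wrapper that bubbles revert data. Vault, Forwarder, ZeroAmount, the test names and the 0xBEEF address are hypothetical; it assumes a Foundry project with forge-std installed.

```solidity
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol"; // assumption: Foundry + forge-std

error NotOwner(address caller);
error ZeroAmount();

// Hypothetical target: authorization and validation fail with different errors.
contract Vault {
    address public immutable owner = msg.sender;

    function withdraw(uint256 amount) external view {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        if (amount == 0) revert ZeroAmount();
    }
}

// Hypothetical low-level wrapper: re-throws the callee's revert data unchanged.
contract Forwarder {
    function forward(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        if (!ok) { assembly { revert(add(ret, 0x20), mload(ret)) } }
        return ret;
    }
}

contract VaultTest is Test {
    Vault vault;
    Forwarder fwd;
    address stranger = address(0xBEEF); // constructed test address
    function setUp() public {
        vault = new Vault(); // the test contract becomes owner
        fwd = new Forwarder();
    }

    function test_NonOwnerRevertsWithCallerArgument() public {
        vm.prank(stranger);
        vm.expectRevert(abi.encodeWithSelector(NotOwner.selector, stranger));
        vault.withdraw(1);
    }

    function test_OwnerZeroAmountIsValidationFailure() public {
        vm.expectRevert(ZeroAmount.selector);
        vault.withdraw(0);
    }

    function test_ForwarderBubblesExactError() public {
        vm.expectRevert(abi.encodeWithSelector(NotOwner.selector, address(fwd))); // Vault sees fwd as caller
        fwd.forward(address(vault), abi.encodeCall(Vault.withdraw, (1)));
    }
}
```

A bare vm.expectRevert() would pass all three tests even if the two checks in withdraw were swapped or the wrapper replaced the revert data, which is the gap the last red flag describes.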
