Submission Details
Severity: medium
Invalid

Constructor params are not checked properly, _entranceFee can be set to zero

Summary

The PuppyRaffle constructor takes arguments but does not validate them, so zero or wrong values can be set, and some of these arguments are immutable.

Vulnerability Details

The constructor takes 3 arguments, _entranceFee, _feeAddress and _raffleDuration, but none of them is checked for zero. _entranceFee is immutable, so if it is set to zero it can't be changed. Similarly, _feeAddress can be the zero address, although it can be changed through the PuppyRaffle::changeFeeAddress function. _raffleDuration can also be zero.

Impact

Loss for the owner of the protocol, because _entranceFee is set to zero or because funds are transferred to the zero address, address(0).

Tools Used

Manual Review

Recommendations

Check them properly:

// In constructor
+ require(_entranceFee != 0, "PuppyRaffle: Fee can't be zero");
+ require(_feeAddress != address(0), "PuppyRaffle: Address can't be zero");
+ require(_raffleDuration != 0, "PuppyRaffle: Duration can't be zero");
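
Review bot: the three constructor checks reject only the value zero, while the summary also names "wrong values" as the risk, so a non-zero but implausible _entranceFee or _raffleDuration still deploys. Either add explicit lower and upper bounds next to these require lines or narrow the report's claim to the zero case. The lines should also sit before the assignments in the constructor so that a bad value reverts before anything is stored.
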
// In changeFeeAddress function
+ require(_feeAddress != address(0), "PuppyRaffle: Address can't be zero");
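
Review bot: in the changeFeeAddress line the check is written against _feeAddress, which the report gives as the name of the constructor argument. Confirm that this is also the name of the parameter passed to changeFeeAddress; the require has to test the new address supplied in that call, not a value from deployment. The revert string is identical to the constructor's, so a reverted transaction does not show which of the two paths rejected the address.
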
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Admin Input/call validation
