Beginner Friendly, Foundry, NFT
Submission Details
Severity: low
Invalid

No Zero address checks

Summary

  • The selectWinner function in the PuppyRaffle contract does not explicitly check if the winner address is a zero address before minting a new NFT to the winner.

Vulnerability Details

  • The winner is determined by a pseudo-random process in the selectWinner function. There's no explicit check to ensure that the winner address is not a zero address. While the OpenZeppelin _safeMint function does include a check for this, it's generally good practice to include such checks in your own contract for clarity and to prevent potential mistakes.

Impact

If the winner address is a zero address, the _safeMint function will revert and the transaction will fail. This could disrupt the operation of the raffle; if _safeMint fails, it will potentially disrupt the rarity of the tokens.

Tools Used

  • Foundry, Manual code review

Recommendations

Add a check to ensure that the winner is not a zero address before calling _safeMint. Here's how you could implement this change:

+ require(winner != address(0), "PuppyRaffle: Winner is a zero address");
_safeMint(winner, tokenId);
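
Review bot: The added require directly above _safeMint(winner, tokenId) duplicates the zero-address check that the write-up itself says OpenZeppelin's _safeMint already performs, so with or without this line the call reverts when winner is address(0). The only observable difference is the revert string, and the extra comparison runs on every draw. If the aim is clarity, a comment on the _safeMint line noting that it rejects address(0) gives the same benefit; if the aim is to keep the raffle from stalling, the check needs to do something other than revert, which this hunk does not do.
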
Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Zero address checks
