First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

[L-01] Lack of Input Validation for Constructor Parameters

maanvad3r

Summary

The constructor of the contract does not have validations in place to check for a zero address or zero values for the _entranceFee and _raffleDuration parameters. This lack of validation could lead to undesired behavior of the contract when instantiated with such values.

Vulnerability Details

In the provided code snippet, the constructor takes three arguments: _entranceFee, _feeAddress, and _raffleDuration. However, there are no checks to ensure that _feeAddress is not a zero address, or that _entranceFee and _raffleDuration are not zero values.

constructor(uint256 _entranceFee, address _feeAddress, uint256 _raffleDuration) ERC721("Puppy Raffle", "PR") {

entranceFee = _entranceFee; //@audit-info no 0 check

feeAddress = _feeAddress; //@audit-info no 0 check

raffleDuration = _raffleDuration; //@audit-info no 0 check value can be low

raffleStartTime = block.timestamp;

...

}

Impact

If _feeAddress is set to the zero address, any funds directed towards the feeAddress within the contract could be irretrievably lost.
If _entranceFee or _raffleDuration is set to zero, it might alter the intended logic and flow of the contract, potentially making the raffle free to enter or instant to conclude, respectively.

Tools Used

Manual code review.

Recommendations

Implement input validation checks in the constructor to ensure that _feeAddress is not a zero address, and _entranceFee and _raffleDuration are not zero values.
It could be beneficial to have a require statement checking these conditions:

require(_feeAddress != address(0), "Fee address cannot be 0");

require(_entranceFee > 0, "Entrance fee must be greater than 0");

require(_raffleDuration > 0, "Raffle duration must be greater than 0");

These checks will help in maintaining the integrity and expected behavior of the contract when it is deployed.

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Admin Input/call validation

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.