Zero Address Vulnerability in Constructor
Summary
The was no check for zero address in the contructor, the feeAddress can be deployed with address(0), though it can be changed but it is not the best practice.
Vulnerability Details
The vulnerability within the contract lies in the constructor, where no checks are in place to prevent the deployment of the contract with a zero address as the feeAddress. While the feeAddress can be changed later, allowing it to be deployed with address(0) is not considered a best practice in terms of security and usability.
Impact
Allowing the contract to be deployed with a zero address as the feeAddress creates potential issues. Even though the address can be changed later, it may lead to confusion and unintended behaviors, especially if users mistakenly send fees to the zero address. This could result in lost funds and operational difficulties.
Tools Used
Manual
Recommendations
To mitigate this vulnerability, the constructor should include a check to ensure that the feeAddress is a valid and non-zero Ethereum address. This check should be part of the contract deployment process to ensure that the contract adheres to best practices and avoids potential issues related to zero addresses.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.