Submission Details
Severity: low
Invalid

Lack of zero address checks

Summary

Address inputs to functions are not validated to ensure that they are not the zero address.

Vulnerability Details

  1. The lack of a zero address check for _feeAddress in the constructor can lead to there being no address to receive fees until resolved

  2. The lack of a zero address check for address[] memory newPlayers; newPlayers[i] can lead to entering a zero address, which can't receive the fee if it wins the raffle; additionally, it wastes entrance fees by paying for a nonexistent address, and it may also lead to locked funds in the

  3. The lack of a zero address check for _feeAddress in the changeFeeAddress function can lead to there being no address to receive fees until resolved

Impact

Allows address(0) to be accepted as input, which may lead to unexpected behaviour in the protocol as indicated above.

Tools Used

Manual Analysis

Recommendations

Check for address(0) and revert if it is passed in at the relevant places, e.g.:

    constructor(uint256 _entranceFee, address _feeAddress, uint256 _raffleDuration) ERC721("Puppy Raffle", "PR") {
        // Reject a zero fee recipient at deployment
        require(_feeAddress != address(0), "error string");
        entranceFee = _entranceFee;
        feeAddress = _feeAddress;
        // ....
    }

    function enterRaffle(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            // Reject a zero address entry before it is stored
            require(newPlayers[i] != address(0), "error string");
            players.push(newPlayers[i]);
        }
        // ....
    }

    function changeFeeAddress(address newFeeAddress) external onlyOwner {
        // Reject a zero fee recipient on update
        require(newFeeAddress != address(0), "error string");
        feeAddress = newFeeAddress;
        emit FeeAddressChanged(newFeeAddress);
    }
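A Foundry test for the three recommended checks, added here as an example; it is not code from the submission or from the audited project. `RaffleStub`, the `ZeroAddress` custom error (used in place of the `require` string above) and the sample addresses are hypothetical, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in (not the audited contract): only the address inputs named in the finding.
contract RaffleStub {
    error ZeroAddress();
    address public owner = msg.sender;
    address public feeAddress;
    uint256 public entranceFee;
    address[] public players;

    constructor(uint256 _entranceFee, address _feeAddress) {
        if (_feeAddress == address(0)) revert ZeroAddress();
        entranceFee = _entranceFee;
        feeAddress = _feeAddress;
    }

    function enterRaffle(address[] memory newPlayers) external payable {
        require(msg.value == entranceFee * newPlayers.length, "wrong value");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            if (newPlayers[i] == address(0)) revert ZeroAddress();
            players.push(newPlayers[i]);
        }
    }

    function changeFeeAddress(address newFeeAddress) external {
        require(msg.sender == owner, "not owner");
        if (newFeeAddress == address(0)) revert ZeroAddress();
        feeAddress = newFeeAddress;
    }
}

contract ZeroAddressTest is Test {
    // Constructed sample values; the test contract becomes the stub's owner.
    RaffleStub raffle = new RaffleStub(1 ether, address(0xFEE));

    function test_constructorRejectsZero() public {
        vm.expectRevert(RaffleStub.ZeroAddress.selector);
        new RaffleStub(1 ether, address(0));
    }
    function test_zeroPlayerRevertsWholeBatch() public {
        address[] memory p = new address[](2);
        (p[0], p[1]) = (address(0xA11CE), address(0));
        vm.expectRevert(RaffleStub.ZeroAddress.selector);
        raffle.enterRaffle{value: 2 ether}(p);
        assertEq(address(raffle).balance, 0); // the revert returns the fee for the valid entry too
    }
    function test_changeFeeAddressRejectsZero() public {
        vm.expectRevert(RaffleStub.ZeroAddress.selector);
        raffle.changeFeeAddress(address(0));
        assertEq(raffle.feeAddress(), address(0xFEE)); // previous recipient is unchanged
    }
}
```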
Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Zero address checks
