Submission Details
Severity: medium
Invalid

Input Validation Check Failure

Summary

The code lacks proper input validation checks, potentially allowing invalid or malicious values to be accepted as input parameters.

Vulnerability Details

The vulnerability is observed in the constructor of the smart contract, specifically in the handling of the _token parameter. The code does not perform adequate checks to ensure the validity of the input value, which could lead to unexpected behavior or vulnerabilities.

constructor(IERC20 _token) Ownable(msg.sender) {
    token = _token;
}

Impact

The absence of input validation checks can result in several risks, including:

  • Invalid Addresses: If an invalid or null address is passed as _token, it might lead to runtime errors or undesired behavior.

  • Security Risks: Lack of input validation can open up opportunities for malicious actors to exploit vulnerabilities related to the _token parameter.

Tools Used

Manual

Recommendations

Add input validation checks to ensure that the _token parameter is a valid and non-null Ethereum address.

// _token is an IERC20, so it must be cast to address before the comparison compiles
require(address(_token) != address(0), "Invalid token address");
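
A hardened form of the constructor above, as an added example that is not part of the original submission or of the audited code base. The contract name `TokenVaultExample`, the custom errors, the `immutable` storage and the minimal `IERC20` interface are assumptions, and `Ownable` is left out so the block compiles on its own; it goes one step beyond the recommended zero-address check by also rejecting addresses that hold no contract code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface so the example is self-contained (assumption: the
// audited code imports a full IERC20 definition instead).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical contract; only the constructor validation pattern matters.
contract TokenVaultExample {
    error ZeroTokenAddress();
    error TokenHasNoCode(address token);

    // Assumption: the token reference never changes after deployment.
    IERC20 public immutable token;

    constructor(IERC20 _token) {
        // An interface-typed value must be cast before comparing to address(0).
        if (address(_token) == address(0)) revert ZeroTokenAddress();

        // A non-zero address with no deployed code (an EOA or a mistyped
        // address) passes the zero check but can never behave as a token.
        if (address(_token).code.length == 0) {
            revert TokenHasNoCode(address(_token));
        }

        token = _token;
    }
}
```

Both checks run once at deployment, so a misconfigured deployment reverts immediately instead of producing a contract bound to an unusable token address.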
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue