Beginner Friendly, Foundry, Bridge
Submission Details
Severity: medium
Invalid

Input Validation Check Issue in approveTo Function

Summary

The approveTo function in the smart contract lacks proper input validation checks, which could potentially lead to security vulnerabilities.

Vulnerability Details

The function approveTo is designed to approve a specified target address to spend a certain amount of tokens. However, it lacks essential input validation checks, leaving room for potential misuse or unintended behavior.

Missing Input Validation

  • Null Address Check: The function does not verify whether the target address (target) is a valid Ethereum address. This could result in approving transactions to an invalid or null address, leading to the loss of tokens.

  • Negative Amount Check: There is no validation to ensure that the amount parameter is non-negative. This could allow users to execute the function with negative amounts, leading to unexpected behavior.

Impact

These vulnerabilities may lead to potential risks, including but not limited to the loss of tokens, unexpected behavior, and potential exploitation by malicious actors.

Tools Used

Manual

Recommendations

Implement Null Address Check: Add a check at the beginning of the function to ensure that the target address is not a null address.

require(target != address(0), "Invalid target address");

Enforce Non-Negative Amounts: Add a validation check to ensure that the amount parameter is non-negative.

require(amount >= 0, "Amount must be non-negative");
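
The zero-address check recommended above, placed in a self-contained sketch; this is an added example, not code from the audited contract or from the submission. `SketchToken`, `SketchVault`, `SketchCheck`, the owner check and the `uint256` type of `amount` are assumptions. With an unsigned `amount` a negative value cannot be represented, so the sketch exercises only the address check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal token: only what the sketch needs, not a full ERC-20.
contract SketchToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

// Hypothetical vault; the audited contract's own code is not shown on the page.
contract SketchVault {
    SketchToken public immutable token;
    address public immutable owner;

    constructor(SketchToken token_) {
        token = token_;
        owner = msg.sender;
    }

    function approveTo(address target, uint256 amount) external {
        require(msg.sender == owner, "Not owner"); // assumed access control
        require(target != address(0), "Invalid target address"); // check from the report
        // amount is assumed to be uint256, the type ERC-20 approve() takes.
        require(token.approve(target, amount), "Approve failed");
    }
}

// Framework-free self-check: deploy, call run(), and inspect the two results.
contract SketchCheck {
    function run() external returns (bool zeroRejected, uint256 allowanceSet) {
        SketchToken token = new SketchToken();
        SketchVault vault = new SketchVault(token);
        address spender = address(0xBEEF); // constructed sample address

        try vault.approveTo(address(0), 1) {
            zeroRejected = false; // the call went through: check missing
        } catch {
            zeroRejected = true; // the require reverted as intended
        }
        vault.approveTo(spender, 5);
        allowanceSet = token.allowance(address(vault), spender);
    }
}
```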

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
