No zero address check on some functions and constructor
Summary
The Soulmate contracts have functions that allow passing in the zero address without checks. This can lead to unpredictable behavior, crashes, or exploitation. The affected functions are:
initVault in Vault.sol
Constructor in Airdrop.sol
initVault and constructor in LoveToken.sol
Constructor in Staking.sol
Vulnerability Details
The lack of zero address check can be found in the following functions
initVaul function in the Vault.sol
Constructor in the Airdrop.sol
InitVault function and constructor in the LoveToken.sol
Constructor in the Staking.sol
Impact
Lack of zero address checks can cause the contracts to not function as intended. For Soulmate specifically, it could result in the wrong addresses being used for deployment and initialization, causing the overall system to work incorrectly.
Tools Used
Manual Review
Recommendations
Add zero address checks to the functions listed above to prevent the passing of the zero address. This will improve security and ensure the contracts work as designed. Performing these checks will mitigate the risks of crashes, unexpected behavior, and potential exploitation.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.