First Flight #9: Soulmate

First Flight #9

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

No address(0) check

yourguyd3v

Low

[L-3] `Staking` Address(0) Check Absence in Constructor

Description:

The constructor function provided lacks a check for the address(0) condition. This condition is typically used to ensure that the provided addresses for essential contracts or variables are not set to the zero address, which represents an uninitialized address in Ethereum. The absence of this check might pose potential risks depending on the context in which this constructor is used.

Impact:

The impact of not having an address(0) check primarily depends on how the initialized addresses are utilized within the contract. However, in general, it could lead to unexpected behavior or vulnerabilities, such as:

Uninitialized Address Usage: If any of the addresses provided to the constructor are unintentionally set to address(0), it could lead to runtime errors or vulnerabilities when interacting with these contracts.
Unexpected Behavior: Without the address(0) check, the contract may not handle invalid or uninitialized addresses appropriately, potentially leading to unexpected behavior during contract execution.

Proof of Concept:

A proof of concept illustrating the potential impact of uninitialized addresses can be demonstrated by intentionally providing address(0) to one of the contract parameters during deployment. For instance:

// Deploying the contract with address(0) for _loveToken parameter

stakingContract = new Staking(

ILoveToken(address(loveToken)),

ISoulmate(address(0)),

IVault(address(stakingVault))

);

Recommended Mitigation:

To mitigate the risks associated with uninitialized addresses, it's advisable to implement an address(0) check within the constructor or relevant functions. Here's a recommended mitigation approach:

constructor(ILoveToken _loveToken, ISoulmate _soulmateContract, IVault _stakingVault) {

+ if (_loveToken == address(0) || _soulmateContract == address(0) || _stakingVault == address(0)) {

+ revert();

+ }

loveToken = _loveToken;

soulmateContract = _soulmateContract;

stakingVault = _stakingVault;

}

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

nSLOC

233

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.