First Flight #12: Kitty Connect

First Flight #12: Kitty Connect
Beginner FriendlyFoundryNFTGameFi
100 EXP
View results
Submission Details
Severity: high
Invalid

[H-1] Lack of checks in `KittyConnect::addShop`

Summary

Missing validations and checks of shopAddress in KittyConnect::addShop

function addShop(address shopAddress) external onlyKittyConnectOwner {
s_isKittyShop[shopAddress] = true;
s_kittyShops.push(shopAddress);
emit ShopPartnerAdded(shopAddress);
}

Vulnerability Details

Not validating shopAddress allows a potential attacker to set shopAddress to the 0x0 address or add duplicate addresses.

Impact

Due to the lack of checks in KittyConnect::addShop, that might result in casuing unintended consequences such as loss of funds or failure of transactions that depend on a valid shop address.

Tools Used

Manual Review

Recommendations

function addShop(address shopAddress) external onlyKittyConnectOwner {
+ require(shopAddress != address(0), "Invalid shop address");
+ require(!s_isKittyShop[shopAddress], "Shop address already exists");
s_isKittyShop[shopAddress] = true;
s_kittyShops.push(shopAddress);
emit ShopPartnerAdded(shopAddress);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.