Submission Details
Severity:
zero check for `RamNFT::setChoosingRamContract`
Summary
As mentioned, making choosingRamContract as immutable is ideal. Hence, it becomes impossible to update the contract address later if it was set as wrong address initially.
Vulnerability Details
Place below code inDussehra.t.sol and run - forge test --mt test_zeroAddress
function test_zeroAddress() public participants {
assertEq(address(dussehra).balance, 2 ether); // two players entered the game and now protocol has 2 ether
vm.startPrank(organiser);
ramNFT.setChoosingRamContract(address(0)); // setting zero address
vm.stopPrank();
vm.startPrank(player1);
vm.expectRevert();
choosingRam.increaseValuesOfParticipants(0, 1); // should revert as zero address is set as a result nft characteristics can't be updated
vm.stopPrank();
}
Impact
it's a best practice to check if the contract address being set is valid address. for eg. not a zero address to ensure any unintended behavior of protocol like loosing funds or assets.
Tools Used
Recommendations
make below code changes in ChoosingRam.sol
+ error ChoosingRamContract__InvalidchoosingRamContractAddress();
function setChoosingRamContract(address _choosingRamContract) public onlyOrganiser {
+ if(_choosingRamContract == address(0)){
+ revert ChoosingRamContract__InvalidchoosingRamContractAddress();
+ }
choosingRamContract = _choosingRamContract;
}
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Info/Gas/Invalid according to docs
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.