Lack of Zero Address Checks in Parameters Causing `ThePredicter` Smart Contract to Become Unusable
Summary
When the ThePredicter smart contract is deployed, one of the parameters requires an address for the ScoreBoard smart contract. This address is passed through the constructor and sets the ScoreBoard smart contract permanently. However, there are no checks to ensure that a zero address is not passed as the ScoreBoard smart contract address, which could lead to an unusable smart contract.
Vulnerability Details
When the ThePredicter smart contract is deployed, one of the parameters requires an address for the ScoreBoard smart contract. This address is passed through the constructor and sets the ScoreBoard smart contract permanently. However, there are no checks to ensure that a zero address is not passed as the ScoreBoard smart contract address, which could lead to an unusable smart contract.
Impact
If a zero address is set as the ScoreBoard contract address, any interactions and calls to the ScoreBoard smart contract will be unresponsive. Any data or money involved in interactions with the ScoreBoard smart contract will be lost. Players who interact with ThePredicter may lose their funds if the contract cannot properly record scores or handle predictions due to the invalid ScoreBoard address.
Tools Used
Manual Review and Aderyn Report.
Recommendations
To prevent this vulnerability, add a zero address check in the constructor to ensure a valid ScoreBoard address is provided. Here's an example of how to implement this:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.