Submission Details
Severity:
Constructor in `FjordPoints.sol` contract does not set the staking contract address
Summary
The natspec of the constructor states that it is to set the staking address but it does not.
Vulnerability Details
The constructor does not initialize the staking contract address as is intended by the netspecs:
// location: FjordPoints.sol
/**
* @dev Sets the staking contract address and initializes the ERC20 token.
*/
constructor() ERC20("BjordBoint", "BJB") {
owner = msg.sender;
lastDistribution = block.timestamp;
pointsPerEpoch = 100 ether;
}
Impact
The contract does not currently work as intended. The owner of the contract will have to remember to call an additional function post-deployment to set the staking contract address.
Tools Used
Manual review
Recommendations
Update the constructor to initialize the staking contract:
/**
* @dev Sets the staking contract address and initializes the ERC20 token.
*/
constructor(address _staking) ERC20("BjordBoint", "BJB") { //<-- edited line here
owner = msg.sender;
lastDistribution = block.timestamp;
pointsPerEpoch = 100 ether;
staking = _staking; //<-- added line here
}
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
66230 USDC / LOC
16,000 USDC
2,500 USDC
1,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.