First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

KittyPool::constructor: missing checks for address(0) when assigning values to address state variables can lead to loss of assets in the protocol

Summary

The issue of "missing checks for address(0)" in smart contracts refers to the lack of validation to ensure that an address being assigned or used is not the zero address (0x0000000000000000000000000000000000000000). The zero address is a special address in Ethereum that often indicates an uninitialized state or serves as a null value for addresses.

Vulnerability Details

    constructor(address _meowntainer, address _euroPriceFeed, address aavePool) {
        meowntainer = _meowntainer;
        i_kittyCoin = new KittyCoin(address(this));
        i_euroPriceFeed = _euroPriceFeed;
        i_aavePool = aavePool;
    }

Impact

Can lead to loss of assets in the protocol.

Tools Used

Manual review

Recommendations

Add require statements in the constructor to reject the zero address:

constructor(address _meowntainer, address _euroPriceFeed, address aavePool) {
+ require(_meowntainer != address(0), "Meowntainer address cannot be the zero address");
+ require(_euroPriceFeed != address(0), "Euro Price Feed address cannot be the zero address");
+ require(aavePool != address(0), "Aave Pool address cannot be the zero address");
meowntainer = _meowntainer;
i_kittyCoin = new KittyCoin(address(this));
i_euroPriceFeed = _euroPriceFeed;
i_aavePool = aavePool;
}
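
Review bot: the three added require lines only rule out address(0), so a mistyped but non-zero _euroPriceFeed or aavePool still passes the constructor. Both names indicate contract addresses, so consider also requiring that each has deployed code (for example `_euroPriceFeed.code.length > 0`), and consider custom errors in place of the long revert strings to keep the deployment bytecode smaller. The code check would not apply to _meowntainer if it may be an externally owned account.
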
Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
