First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of Address Validation in Transfer Functions in KittyVault.sol

heim

Summary

The executeDepawsit and executeWhiskdrawal functions do not validate the _user address, ensuring it's not the zero address.

Vulnerability Details

Location: executeDepawsit and executeWhiskdrawal functions.
Description: These functions directly handle token transfers but do not validate the _user address to ensure it's not the zero address. This can lead to potential issues such as transferring tokens to an unintended address.

Impact

Severity: Medium
Effect: Transferring to an invalid address can result in lost tokens and reduce the system's resilience.

Tools Used

Manual code review

Recommendations

Add checks to ensure the _user address is not a zero address.

function executeDepawsit(address _user, uint256 _ameownt) external onlyPool {

require(_user != address(0), "Invalid user address");

// existing logic

}

function executeWhiskdrawal(address _user, uint256 _cattyNipToWithdraw) external onlyPool {

require(_user != address(0), "Invalid user address");

// existing logic

}

Updates

Lead Judging Commences

shikhar229169 Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.