First Flight #21: KittyFi

First Flight #21
Beginner FriendlyDeFiFoundry
100 EXP
View results
Submission Details
Severity: low
Invalid

Lack of Address Validation in Transfer Functions in KittyVault.sol

Summary

The executeDepawsit and executeWhiskdrawal functions do not validate the _user address, ensuring it's not the zero address.

Vulnerability Details

  • Location: executeDepawsit and executeWhiskdrawal functions.

  • Description: These functions directly handle token transfers but do not validate the _user address to ensure it's not the zero address. This can lead to potential issues such as transferring tokens to an unintended address.

Impact

  • Severity: Medium

  • Effect: Transferring to an invalid address can result in lost tokens and reduce the system's resilience.

Tools Used

  • Manual code review

Recommendations

Add checks to ensure the _user address is not a zero address.

function executeDepawsit(address _user, uint256 _ameownt) external onlyPool {
require(_user != address(0), "Invalid user address");
// existing logic
}
function executeWhiskdrawal(address _user, uint256 _cattyNipToWithdraw) external onlyPool {
require(_user != address(0), "Invalid user address");
// existing logic
}
Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.