Submission Details
Severity:
Lack of Validation for Token Address in `KittyVault::constructor` function
Description: The constructor does not validate the _token, _kittyPool, _priceFeed, _euroPriceFeed, _meowntainer, and _aavePool addresses, which could lead to setting invalid or malicious addresses.
Impact: Invalid or malicious addresses could lead to loss of funds or other unexpected behavior.
Recommended Mitigation: Add validation checks to ensure that addresses are non-zero and valid.
constructor(
address _token,
address _kittyPool,
address _priceFeed,
address _euroPriceFeed,
address _meowntainer,
address _aavePool
) {
require(_token != address(0), "Invalid token address");
require(_kittyPool != address(0), "Invalid kitty pool address");
require(_priceFeed != address(0), "Invalid price feed address");
require(_euroPriceFeed != address(0), "Invalid euro price feed address");
require(_meowntainer != address(0), "Invalid meowntainer address");
require(_aavePool != address(0), "Invalid aave pool address");
token = _token;
kittyPool = _kittyPool;
priceFeed = _priceFeed;
euroPriceFeed = _euroPriceFeed;
meowntainer = _meowntainer;
aavePool = _aavePool;
}
Rewards breakdown
nSLOC
224This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.