The `initialize` function lacks proper parameter validation and does not check whether the contract has already been initialized. This can lead to unexpected behavior and potential vulnerabilities if the function is called multiple times or with invalid parameters.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/SystemConfig.sol#L25-L31
The `initialize` function does not validate the input parameters `_basePlatformFeeRate` and `_baseReferralRate`. This absence of validation means that invalid values (such as zero or negative rates) can be set, leading to logical errors in the contract's operations and affecting the platform's functionality.
Implement parameter validation to ensure that:

- `_basePlatformFeeRate` is greater than zero.
- `_baseReferralRate` is non-negative.
For example:
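The following is an added illustration of the recommended mitigation, not code from the Tadle repository: an `initialize()` that rejects a second call and bounds both rates. The `RATE_DECIMAL_SCALER` value, the deployer-only restriction and the error names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative hardened initialize(); not the Tadle SystemConfig code.
/// Assumptions: rates are basis points against a 10_000 scaler, and only
/// the deployer may initialize.
contract SystemConfigExample {
    uint256 public constant RATE_DECIMAL_SCALER = 10_000; // assumed scaler

    address public immutable deployer;
    bool private _initialized;

    uint256 public basePlatformFeeRate;
    uint256 public baseReferralRate;

    error Unauthorized();
    error AlreadyInitialized();
    error InvalidPlatformFeeRate(uint256 rate);
    error InvalidReferralRate(uint256 rate);

    event Initialized(uint256 basePlatformFeeRate, uint256 baseReferralRate);

    constructor() {
        deployer = msg.sender;
    }

    function initialize(uint256 _basePlatformFeeRate, uint256 _baseReferralRate) external {
        if (msg.sender != deployer) revert Unauthorized();
        // Reject a second call so the first configuration cannot be overwritten.
        if (_initialized) revert AlreadyInitialized();
        // Platform fee must be strictly positive and cannot exceed 100%.
        if (_basePlatformFeeRate == 0 || _basePlatformFeeRate > RATE_DECIMAL_SCALER) {
            revert InvalidPlatformFeeRate(_basePlatformFeeRate);
        }
        // uint256 is never negative, so "non-negative" is guaranteed by the type;
        // the check that actually matters is an upper bound.
        if (_baseReferralRate > RATE_DECIMAL_SCALER) {
            revert InvalidReferralRate(_baseReferralRate);
        }
        _initialized = true;
        basePlatformFeeRate = _basePlatformFeeRate;
        baseReferralRate = _baseReferralRate;
        emit Initialized(_basePlatformFeeRate, _baseReferralRate);
    }
}
```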
The following issue and its duplicates are invalid, as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally, admins are trusted, as noted in the README; they can break certain assumptions of the code based on their actions, and