Improvements Needed in SystemConfig Contract Functions for Better Robustness and Usability
Summary
The SystemConfig contract has several functions (createMarketPlace, updateMarket, and updateMarketPlaceStatus) that could benefit from improvements to enhance robustness and usability. The main issues identified are:
No check for an empty marketplace name in
createMarketPlace.The
createMarketPlacefunction doesn't return the generated marketplace address.The
updateMarketPlaceStatusfunction does not verify if the marketplace exists before updating its status.
Vulnerability Details
The current implementation doesn't leverage the generated address:
And subsequently, one of the update function:
Impact
These issues could potentially lead to:
Unexpected behavior with empty marketplace names.
Difficulty in tracking newly created marketplace addresses.
Tools Used
Manual review
Recommendations
Add a check for empty marketplace names and consider returning the generated marketplace address to be used in the updateX function:
Lead Judging Commences
[invalid] finding-Admin-Errors-Malicious
The following issues and its duplicates are invalid as admin errors/input validation/malicious intents are1 generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumption of the code based on their actions, and
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.