Mystery Box

First Flight #25
Severity: medium
Invalid

Missing Zero Address Check in transferReward() Function

Summary

The transferReward() function lacks a check to ensure that the recipient address (_to) is not the zero address (0x0000000000000000000000000000000000000000). Without this check, a user could accidentally or maliciously transfer a reward to the zero address, resulting in a permanent loss of the reward.

Vulnerability Details

The function does not validate that the _to address is not the zero address. If the zero address is used as the recipient, the reward will be sent to an address that no one controls, effectively resulting in the loss of the reward.

  • Vulnerable Code Snippet

function transferReward(address _to, uint256 _index) public {
    require(_index < rewardsOwned[msg.sender].length, "Invalid index");
    rewardsOwned[_to].push(rewardsOwned[msg.sender][_index]);
    delete rewardsOwned[msg.sender][_index];
}
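
The behaviour described above, written as a Foundry test. This is an added example, not code from the submission or from the Mystery Box contract. `RewardBook`, its `grant` helper, `transferRewardChecked`, the `Reward` fields and the test account are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the contract; Reward's fields are assumed.
contract RewardBook {
    struct Reward { string name; uint256 value; }
    mapping(address => Reward[]) public rewardsOwned;

    function grant(address _to, string memory _name, uint256 _value) external {
        rewardsOwned[_to].push(Reward(_name, _value));
    }
    // Same body as the snippet in the report.
    function transferReward(address _to, uint256 _index) public {
        require(_index < rewardsOwned[msg.sender].length, "Invalid index");
        rewardsOwned[_to].push(rewardsOwned[msg.sender][_index]);
        delete rewardsOwned[msg.sender][_index];
    }
    // With the recommended zero-address check in front (msg.sender is kept).
    function transferRewardChecked(address _to, uint256 _index) external {
        require(_to != address(0), "Cannot transfer to zero address");
        transferReward(_to, _index);
    }
}

contract TransferRewardTest is Test {
    RewardBook book;
    address alice = address(0xA11CE); // constructed test account

    function setUp() public {
        book = new RewardBook();
        book.grant(alice, "Gold Coin", 1 ether); // constructed sample reward
    }
    function test_UncheckedTransferStrandsReward() public {
        vm.prank(alice);
        book.transferReward(address(0), 0);
        (string memory name, uint256 value) = book.rewardsOwned(address(0), 0);
        assertEq(name, "Gold Coin"); // recorded under address(0)
        assertEq(value, 1 ether);
        (, uint256 left) = book.rewardsOwned(alice, 0);
        assertEq(left, 0); // alice's slot was reset by delete
    }
    function test_CheckedTransferReverts() public {
        vm.prank(alice);
        vm.expectRevert(bytes("Cannot transfer to zero address"));
        book.transferRewardChecked(address(0), 0);
        (, uint256 value) = book.rewardsOwned(alice, 0);
        assertEq(value, 1 ether); // alice still holds the reward
    }
}
```

Place the file in a Foundry project's test directory and run `forge test`.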

Impact

Transferring a reward to the zero address results in an irreversible loss, as that address is non-recoverable and cannot be accessed by any user. This vulnerability poses a significant risk, as it can lead to the accidental or, in some cases, intentional loss of valuable rewards.

Moreover, all users of the contract face potential consequences from this oversight. If a user inadvertently executes a transfer to the zero address, they could lose rewards that they may have worked hard to earn. This not only diminishes the user experience but also undermines trust in the contract's functionality and security.

Tools Used

Manual review

Recommendations

Consider adding a require statement to check that the _to address is not the zero address before proceeding with the transfer.

As I have shown here:

function transferReward(address _to, uint256 _index) public {
+ require(_to != address(0), "Cannot transfer to zero address"); // Added check to prevent zero address transfer
require(_index < rewardsOwned[msg.sender].length, "Invalid index");
rewardsOwned[_to].push(rewardsOwned[msg.sender][_index]);
delete rewardsOwned[msg.sender][_index];
}
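
Review bot: the added `require(_to != address(0), ...)` on the first line of the function rejects only the zero address, so any other mistyped or uncontrolled `_to` still passes and the reward is pushed to it as before; describe the check as a guard against the default-value mistake rather than as recipient validation. The trailing `// Added check ...` comment repeats the revert string and can be dropped. Also note that the unchanged `delete rewardsOwned[msg.sender][_index];` line only resets the element and leaves the sender's array length unchanged, so if this function is being touched anyway, consider removing the entry (for example by moving the last element into the slot and calling `pop()`).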

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity