Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Missing Zero Address Validation in transferAdmin Function

Summary

The transferAdmin function allows the current administrator to transfer administrative control to a new address (newAdmin). However, the function lacks validation to ensure that newAdmin is not the zero address (address(0)), which could lead to the loss of administrative control of the contract.

Vulnerability Details

Vulnerability

The transferAdmin function updates the admin variable with the provided newAdmin address but does not check if this address is the zero address (address(0)). This could result in a situation where the administrative privileges are transferred to an unusable address.

Impact

If the newAdmin address is accidentally or intentionally set to address(0), no further administrative actions could be executed, as address(0) cannot initiate transactions. This would lead to a permanent loss of control over any privileged functions restricted by the onlyAdmin modifier, potentially rendering the contract unmanageable.

Tools Used

Manual Review

Recommendations

require(newAdmin != address(0), "New admin cannot be the zero address");
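
Added example, not code from the submission or from the Sablier code base: a minimal hypothetical contract showing the unguarded transfer the finding describes beside the guarded form with the recommended check. The contract name AdminableSketch, the function names transferAdminUnchecked and privilegedAction, the error and the event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal admin pattern for illustration; not the audited contract.
contract AdminableSketch {
    address public admin;

    error CallerNotAdmin(address caller);

    event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

    constructor(address initialAdmin) {
        require(initialAdmin != address(0), "New admin cannot be the zero address");
        admin = initialAdmin;
        emit TransferAdmin(address(0), initialAdmin);
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert CallerNotAdmin(msg.sender);
        _;
    }

    /// Unguarded form described in the finding: any value is stored,
    /// including address(0), after which onlyAdmin can never pass again.
    function transferAdminUnchecked(address newAdmin) external onlyAdmin {
        emit TransferAdmin(admin, newAdmin);
        admin = newAdmin;
    }

    /// Guarded form: the recommended check runs before any state change,
    /// so a call with address(0) reverts and the current admin is kept.
    function transferAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0), "New admin cannot be the zero address");
        emit TransferAdmin(admin, newAdmin);
        admin = newAdmin;
    }

    /// Stand-in for any privileged function gated by onlyAdmin.
    function privilegedAction() external view onlyAdmin returns (bool) {
        return true;
    }
}
```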

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
