GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP

Submission Details
Severity: low
Invalid

Missing Zero Address Validations in Critical Functions

Summary

Multiple contract functions accept zero address inputs without validation, risking incorrect system configuration and potential contract state corruption.

Vulnerability Details

The following functions lack zero address checks:

```solidity
// GivingThanks.sol
function updateRegistry(address _registry) public {
    registry = CharityRegistry(_registry); // No validation
}

// CharityRegistry.sol
function registerCharity(address charity) public {
    registeredCharities[charity] = true; // No validation
}
```

Foundry test demonstrating the missing checks:

```solidity
function testMissingZeroAddressChecks() public {
    vm.startPrank(admin);
    // Zero address can be registered as charity
    registryContract.registerCharity(address(0));
    // Zero address can be set as registry
    charityContract.updateRegistry(address(0));
    // Try to donate to zero address
    vm.deal(address(this), 1 ether);
    vm.expectRevert();
    charityContract.donate{value: 1 ether}(address(0));
    vm.stopPrank();
}
```

Impact

LOW - While not directly exploitable:

  • Registry could be set to zero address, breaking charity verification

  • Invalid charities could be registered

  • Contract state could become inconsistent

  • Potential issues with future upgrades/migrations

Tools Used

  • Manual code review

  • Foundry testing framework

  • Custom test demonstrating lack of validation

  • Contract verification tools

Recommendations

Add zero address validation:

```solidity
function updateRegistry(address _registry) public {
    require(_registry != address(0), "Zero address not allowed");
    registry = CharityRegistry(_registry);
    emit RegistryUpdated(_registry);
}

function registerCharity(address charity) public {
    require(charity != address(0), "Zero address not allowed");
    require(charity.code.length > 0, "Must be contract address");
    registeredCharities[charity] = true;
}
```

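The following Foundry test is an added example, not part of this submission or of the GivingThanks project. It exercises the recommended guards from the defender's side: each `require` is checked both for the revert it is meant to produce and for the happy path it must still allow. The import paths, the constructor signatures (`new CharityRegistry()` and `new GivingThanks(address registry)`), the `admin` account and the public `registeredCharities` getter are assumptions about the project layout, not taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";
// Assumed source paths; adjust to the project's actual layout.
import {GivingThanks} from "../src/GivingThanks.sol";
import {CharityRegistry} from "../src/CharityRegistry.sol";

contract ZeroAddressValidationTest is Test {
    // `admin` and `eoaCharity` are constructed test accounts, not project values.
    address admin = makeAddr("admin");
    address eoaCharity = makeAddr("eoaCharity");

    CharityRegistry registryContract;
    GivingThanks charityContract;

    function setUp() public {
        // Constructor signatures are assumed for this example.
        vm.startPrank(admin);
        registryContract = new CharityRegistry();
        charityContract = new GivingThanks(address(registryContract));
        vm.stopPrank();
    }

    function testUpdateRegistryRejectsZeroAddress() public {
        vm.prank(admin);
        vm.expectRevert(bytes("Zero address not allowed"));
        charityContract.updateRegistry(address(0));
    }

    function testRegisterCharityRejectsZeroAddress() public {
        vm.prank(admin);
        vm.expectRevert(bytes("Zero address not allowed"));
        registryContract.registerCharity(address(0));
    }

    function testRegisterCharityRejectsEoa() public {
        // makeAddr() returns an address with no bytecode, so the
        // `charity.code.length > 0` guard must reject it.
        vm.prank(admin);
        vm.expectRevert(bytes("Must be contract address"));
        registryContract.registerCharity(eoaCharity);
    }

    function testRegisterCharityAcceptsDeployedContract() public {
        // Any deployed contract has non-empty code; a fresh registry
        // instance is used here purely as a stand-in contract address.
        address contractCharity = address(new CharityRegistry());
        vm.prank(admin);
        registryContract.registerCharity(contractCharity);
        // Assumes `registeredCharities` is a public mapping with a getter.
        assertTrue(registryContract.registeredCharities(contractCharity));
    }
}
```

One caveat on the `code.length` guard: `EXTCODESIZE` is zero for an externally owned account and also for a contract that is still executing its constructor, so the check rejects EOA charities and any contract that tries to register itself during construction. Whether EOAs should be valid charities is a design decision for the project; if they should, keep only the zero-address check and drop the code-length requirement.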
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
