Submission Details
Severity:
Lacks zero address check in MembershipERC1155::callExternalContract function
Summary
the purpose of the callExternalContractfunction in the MembershipERC1155is to call other contracts but the function does not check for zero address during the function call.
Vulnerability Details
function callExternalContract(address contractAddress, bytes memory data)
external
payable
onlyRole(OWP_FACTORY_ROLE)
returns (bytes memory)
{
//Does no check if the contractAddress is zero address
(bool success, bytes memory returndata) = contractAddress.call{value: msg.value}(data);
require(success, "External call failed");
return returndata;
}
Tools Used
manual review
Recommendations
function callExternalContract(address contractAddress, bytes memory data)
external
payable
onlyRole(OWP_FACTORY_ROLE)
returns (bytes memory)
{
+ if (contractAddress == address(0)) revert CannotBeZeroAddress();
(bool success, bytes memory returndata) = contractAddress.call{value: msg.value}(data);
require(success, "External call failed");
return returndata;
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128
USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.