Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Missing Zero Address Check in saveProfit Function

Summary:

The saveProfit function internally handles profit updates for a given account, but it lacks a check to validate if the provided account is a non-zero address. If a zero address (address(0)) is passed to the function, it could lead to unintended behavior, errors, or security vulnerabilities. Specifically, this could impact the calculations for profit tracking and potentially lead to funds being incorrectly saved or manipulated.

Vulnerability Details:

Issue: The function does not include a check to verify that the account is a valid address (i.e., not address(0)).

Impact:

Allowing the zero address to be passed into the saveProfit function without validation could:

  • Corrupt profit data by associating address(0) with profit calculations, making it difficult to track profits correctly for actual accounts.

Tools Used:

Manual Code Review: Analysis of the saveProfit function revealed the lack of address validation.

Recommendations:

require(account != address(0), "Invalid account address."); // Check if the account is valid

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
