Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

H-02: Prevent Setting Host to Zero Address

_okchev

Summary

The changeHost function in the contract lacks a critical validation to prevent the host variable from being set to address(0). This oversight could lead to a denial of service (DoS) and irrecoverable contract state, as address(0) does not represent a valid host.

Vulnerability Details

The function fails to validate that _newHost is a valid, non-zero address. This allows address(0) to be set as the host, effectively bricking the contract, as address(0) cannot execute any functions restricted by the onlyHost modifier.

function changeHost(address _newHost) external onlyHost {
if(!participant[_newHost]) {
revert OnlyParticipantsCanBeHost();
}
host = _newHost;
emit NewHost(host);
}

Impact

  • If host is set to address(0), all functions protected by the onlyHost modifier become inaccessible, rendering the contract partially or completely unusable.

  • The contract could be permanently bricked if no mechanisms exist to recover from an invalid host.

Tools Used

Manual Review: A detailed inspection of the changeHost function revealed the absence of a check for address(0).

Recommendations

Add a check to ensure that _newHost is not the zero address:

if (_newHost == address(0)) {
revert InvalidHostAddress();
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!