Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
Submission Details
Severity: low
Invalid

L-2: Missing checks for `address(0)` when assigning values to address state variables

Summary

A vulnerability was found where an address state variable is assigned a value without checking if it's equal to the zero address (address(0)). This could lead to unexpected behavior or security issues if the address is invalid.

Vulnerability Details

  • Location: Line 171 in src/ChristmasDinner.sol

  • Type: Missing zero address check

  • Description: The `host` state variable is assigned a value without verifying that it is not the zero address.

Impact

  1. Potential loss of functionality: If an invalid address is assigned, it could break critical contract logic relying on this variable.

  2. Security risks: Malicious actors could potentially exploit this by sending transactions to an invalid address.

  3. Unexpected behavior: The contract may behave unexpectedly when trying to interact with the invalid address.

Tools Used

The Slither static analysis tool identified this vulnerability.

Recommendations

  1. Add a check to ensure the assigned value is not address(0) before setting the `host` state variable:

    function setHost(address _newHost) public {
        // Reject the zero address before updating the state variable
        require(_newHost != address(0), "Host cannot be zero address");
        host = _newHost;
    }

  2. Implement similar checks for all address state variables throughout the contract.

  3. Consider using OpenZeppelin's Address library for additional safety checks:

    import {Address} from "@openzeppelin/contracts/utils/Address.sol";

    using Address for address;

    function setHost(address _newHost) public {
        // The explicit require is still what rejects address(0)
        require(_newHost != address(0), "Host cannot be zero address");
        host = _newHost;
    }

  4. Review all instances where addresses are assigned to state variables and add appropriate checks.

  5. Implement comprehensive input validation for functions that accept address parameters.

  6. Consider adding events for important state changes, including when an address is set:

    event HostUpdated(address oldHost, address newHost);

    function setHost(address _newHost) public {
        require(_newHost != address(0), "Host cannot be zero address");
        // Emit before the write so the event carries the previous host
        emit HostUpdated(host, _newHost);
        host = _newHost;
    }

By addressing this vulnerability, you'll improve the robustness and security of your smart contract by ensuring that only valid addresses are used as state variables.
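
A Foundry regression test for the recommended check, added here as an example and not taken from the submission or the ChristmasDinner code base. `HostRegistry`, its constructor, the host-only restriction and the test names are assumptions; only `host`, `setHost`, `HostUpdated` and the revert string come from the recommendations above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the contract under test: only `host`, `setHost`
// and `HostUpdated` come from the report; the constructor and the
// host-only restriction are assumptions made for this example.
contract HostRegistry {
    address public host;

    event HostUpdated(address oldHost, address newHost);

    constructor() {
        host = msg.sender;
    }

    function setHost(address _newHost) public {
        require(msg.sender == host, "Only host"); // assumed access control
        require(_newHost != address(0), "Host cannot be zero address");
        emit HostUpdated(host, _newHost);
        host = _newHost;
    }
}

contract HostRegistryTest is Test {
    HostRegistry internal registry;
    address internal nextHost = makeAddr("nextHost"); // constructed test address

    event HostUpdated(address oldHost, address newHost);

    function setUp() public {
        registry = new HostRegistry(); // this test contract becomes the host
    }

    function test_RevertWhen_NewHostIsZero() public {
        vm.expectRevert(bytes("Host cannot be zero address"));
        registry.setHost(address(0));
        assertEq(registry.host(), address(this)); // state unchanged after revert
    }

    function test_SetHostUpdatesStateAndEmits() public {
        vm.expectEmit(false, false, false, true, address(registry));
        emit HostUpdated(address(this), nextHost);
        registry.setHost(nextHost);
        assertEq(registry.host(), nextHost);
    }
}
```

Run it with `forge test` from a Foundry project that has forge-std installed.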

L-2: Missing checks for address(0) when assigning values to address state variables

Check for address(0) when assigning values to address state variables.

1 Found Instances
  • Found in src/ChristmasDinner.sol Line: 171

    host = _newHost;

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
