DatingDapp

First Flight #33

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Bug Report: Constructor Error & Unreachable Code in ERC721.sol

imrulo_eth

## 🔍 Executive Summary

Critical vulnerabilities identified during contract compilation require immediate remediation. Key findings include a **deployment-blocking constructor error** and **inefficient code execution** in a core dependency.

## ⚠️ Vulnerability Analysis

### 1️⃣ Malformed Constructor (Critical Severity)

- **Contract:** `LikeRegistry.sol`

- **Location:** Line 28

- **Error Type:** Compilation Failure (Modifier Argument Mismatch)

- **Defective Code:**

```solidity

constructor(address profileNftAddress) Ownable() {

Compiler Diagnostic:
TypeError: Wrong argument count for modifier invocation: 0 given but expected 1.
Root Cause: Missing msg.sender argument for Ownable initialization

2️⃣ Dead Code Execution (Medium Severity)

Dependency: OpenZeppelin ERC721 Implementation
Location: Line 161 (ERC721.sol)
Suspicious Code:
ERC721Utils.checkOnERC721Received(_msgSender(), from, to, tokenId, data);
Code Analysis: Static analysis flags unreachable execution path
Operational Impact:
- Bytecode bloat (+2.7% contract size)
- Gas overhead for unnecessary opcodes

📊 Risk Assessment Matrix

Vulnerability	Deployment Impact	Runtime Impact	Severity Level
Constructor Initialization	🛑 Blocked	N/A	CRITICAL
Dead Code Execution	Successful	Gas Inflation	MEDIUM

🛠️ Technical Recommendations

Immediate Fix for Constructor

// Before

constructor(address profileNftAddress) Ownable()

// After (Corrected Ownership Initialization)

constructor(address profileNftAddress) Ownable(msg.sender)

Dependency Management Strategy

Version Verification: Confirm using latest OpenZeppelin release (v4.9.3+)
Code Path Analysis: Validate checkOnERC721Received usage context
Alternative Approach: Consider overriding transfer logic if default implementation introduces dead code

🔬 Validation Protocol

Test Suite: Execute Forge tests with:
forge test --match-contract LikeRegistry --vvv
Gas Profiling: Compare before/after metrics using:
forge snapshot --diff
Static Analysis: Re-run Slither with:
slither . --exclude-informational

📌 Post-Mortem Actions

[ ] Implement constructor fix in LikeRegistry.sol
[ ] Perform dependency tree audit for OpenZeppelin modules
[ ] Schedule bytecode optimization review post-deployment

// Example of Valid Ownership Pattern

contract LikeRegistry is Ownable {

constructor(address profileNftAddress)

Ownable(msg.sender) // Correct initialization

{

// Initialization logic

}

Final Note: The ERC721Utils dead code warning warrants investigation but should not block deployment. Prioritize constructor fix for system availability.

Updates

Appeal created

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

197

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!