DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Critical Constructor Parameter Bug in MultiSigWallet Contract

petesol

Summary

The MultiSigWallet contract contains a critical bug in its constructor where parameter names are incorrectly prefixed with asterisks, causing the contract to be undeployable.

Vulnerability Details

Current implementation:

constructor(address *owner1, address *owner2) {
require(_owner1 != address(0) && _owner2 != address(0), "Invalid owner address");
require(_owner1 != _owner2, "Owners must be different");
owner1 = _owner1;
owner2 = _owner2;
}

The asterisks in the parameter declaration (*owner1, *owner2) are invalid Solidity syntax and will prevent the contract from compiling. Additionally, the function tries to reference _owner1 and _owner2 which don't match the parameter names.

Impact

  • Contract fails to compile

  • Prevents entire DatingDapp system from functioning as MultiSig deployment fails

  • Breaks core matching functionality as rewards cannot be distributed

Tools Used

  • Solidity compiler error analysis

  • Manual code review

  • Syntax verification tools

Recommendations

Fix the constructor syntax:

constructor(address _owner1, address _owner2) {
require(_owner1 != address(0) && _owner2 != address(0), "Invalid owner address");
require(_owner1 != _owner2, "Owners must be different");
owner1 = _owner1;
owner2 = _owner2;
}
Updates

Appeal created

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.