DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing MultiSig contract address

kouroshnj

Summary

MultiSig contract can only be deployed via "create" opcode in "matchRewards" internal function but the address would never appear in order to use

Vulnerability Details

When "multiSigWallet" created, there is not event to return its address. So for this reason, you are not able to see the contract on unknown deployed address

MultiSigWallet multiSigWallet = new MultiSigWallet(from, to);

Impact

Users can not interact with their "multiSigWallet" contract and back-end would not be able to show the deployed address

Tools Used

Hardhat

Recommendations

You can easily add an event and emit that event when the "multiSigWallet" successfuly deployed.

event MultiSigDeployed(address indexed multiSigAddress);
// Emit this event after contract successfully deployed
emit MultiSigDeployed(address(multiSigWallet));
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.