DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing `address(0)` checks in `LikeRegistry::constructor`

pintosric

Summary

The constructorin the LikeRegistrycontract doesn't have an address(0) check for the _profileNFTparameter:

constructor(address _profileNFT) Ownable(msg.sender){
profileNFT = SoulboundProfileNFT(_profileNFT);
}

Vulnerability Details

If _profileNFT is set to address(0), the contract will reference a null address, which would cause reverts or unintended behavior when interacting with profileNFT.

Impact

Any function that depends on profileNFT (e.g., calling profileNFT.mintProfile(...)) will fail if the zero address is used.

Tools Used

Slither

Recommendations

Consider adding an address(0) check to avoid protocol failures.

constructor(address _profileNFT) Ownable(msg.sender) {
+ require(_profileNFT != address(0), "Invalid profileNFT address");
profileNFT = SoulboundProfileNFT(_profileNFT);
}
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.