Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Zero-Address Validation and Event Emission Gaps in Oracle Update Function

francohacker

Summary

  1. Zero-Address Assignment Risk

    • The function fails to validate that the newOracle address is non-zero (address(0)). Assigning a zero address could disrupt critical contract functionality (e.g., oracle-dependent operations like interest rate calculations), leading to system failures or fund lockups.

  2. Missing State Change Event

    • The modification of the primeRateOracle state variable lacks an emitted event. This omission violates transparency best practices, hinders off-chain monitoring, and complicates auditing or debugging of historical changes.

Impact

  • Operational Failure:
    If primeRateOracle is set to address(0), any function relying on this oracle (e.g., fetching interest rates, validating transactions) will fail. This could halt core contract functionality, such as loan processing, reward distributions, or price calculations.

  • Financial Loss:
    In systems where the oracle is critical (e.g., DeFi protocols), invalid oracle addresses could lock user funds, disrupt withdrawals, or cause incorrect financial computations (e.g., interest accrual).

Tools Used

manual review

Recommendations

`event PrimeRateOracleUpdated(address indexed oldOracle, address indexed newOracle);

function setPrimeRateOracle(address newOracle) external onlyOwner {

require(newOracle != address(0), "Oracle address cannot be zero");

primeRateOracle = newOracle

emit PrimeRateOracleUpdated(primeRateOracle, newOracle);

}`

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.