Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Zero Address Check in NFTFactory Constructor

0xbyteknight

Summary

The NFTFactory contract's constructor does not validate that the provided inheritance manager address is non-zero. This omission can lead to misconfiguration, rendering the admin role unusable if accidentally set to the zero address.

Vulnerability Details

During deployment, the NFTFactory contract accepts an address parameter for the inheritance manager without verifying that it is not the zero address. If a zero address is inadvertently passed, no entity will have the proper admin rights to mint or burn NFTs. Although this misconfiguration is likely to be caught at deployment, it can lead to loss of functionality or unintended behavior within the system if not addressed.

Impact

Direct Impact: Misconfiguration resulting in the admin role being assigned to the zero address, which disables the intended NFT management functionality.

Tools Used

Manual code review

Recommendations

Add a check in the constructor to ensure that the _inheritanceManager parameter is not the zero address.

Example improvement:

constructor(address _inheritanceManager) ERC721("On Chain Estate", "OCE") {
require(_inheritanceManager != address(0), "Invalid address: zero address");
inheritanceManager = _inheritanceManager;
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.