Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Uninitialized EggVault NFT Reference

martinso

Summary

  • The EggVault constructor does not initialize the eggNFT address, requiring a separate setEggNFT call, which could lead to misconfiguration or usage of the vault before it’s properly set up.

Vulnerability Details

  • The constructor:

constructor() Ownable(msg.sender) {}

  • eggNFT is left uninitialized, and setEggNFT must be called by the owner:

function setEggNFT(address _eggNFTAddress) external onlyOwner {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}

  • If depositEgg or withdrawEgg is called before setEggNFT, it will revert due to an uninitialized eggNFT, but this reliance on external setup introduces a risk of misconfiguration or delay.

Impact

  • If the owner forgets to call setEggNFT, the vault is unusable until corrected, potentially disrupting game flow.

  • In a worst-case scenario, a malicious owner could set an incorrect NFT contract, leading to unexpected behavior.

Tools Used

  • Manual code review.

  • Understanding of contract initialization patterns.

Recommendations

  • Initialize eggNFT in the constructor to ensure the vault is fully functional upon deployment:

constructor(address _eggNFTAddress) Ownable(msg.sender) {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}

  • Remove setEggNFT unless there’s a specific need to change the NFT contract post-deployment (e.g., upgrades).

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

State corruption

Changing the NFT contract address doesn't update the storedEggs and eggDepositors mappings

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!