Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Uninitialized EggVault NFT Reference

martinso

Summary

  • The EggVault constructor does not initialize the eggNFT address, requiring a separate setEggNFT call, which could lead to misconfiguration or usage of the vault before it’s properly set up.

Vulnerability Details

  • The constructor:

constructor() Ownable(msg.sender) {}

  • eggNFT is left uninitialized, and setEggNFT must be called by the owner:

function setEggNFT(address _eggNFTAddress) external onlyOwner {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}

  • If depositEgg or withdrawEgg is called before setEggNFT, it will revert due to an uninitialized eggNFT, but this reliance on external setup introduces a risk of misconfiguration or delay.

Impact

  • If the owner forgets to call setEggNFT, the vault is unusable until corrected, potentially disrupting game flow.

  • In a worst-case scenario, a malicious owner could set an incorrect NFT contract, leading to unexpected behavior.

Tools Used

  • Manual code review.

  • Understanding of contract initialization patterns.

Recommendations

  • Initialize eggNFT in the constructor to ensure the vault is fully functional upon deployment:

constructor(address _eggNFTAddress) Ownable(msg.sender) {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}

  • Remove setEggNFT unless there’s a specific need to change the NFT contract post-deployment (e.g., upgrades).

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

State corruption

Changing the NFT contract address doesn't update the storedEggs and eggDepositors mappings

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.