Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Initialization Checks Across Contracts

hoossayn

Summary

Contracts lack proper initialization checks before allowing critical operations.

Vulnerability Details

Several functions assume proper initialization without verification:

  • EggstravaganzaNFT's mintEgg() doesn't check if gameContract has been set

  • EggVault operations don't verify that eggNFT has been set

  • EggHuntGame doesn't verify that it has been set as the gameContract in EggstravaganzaNFT

Impact

This could lead to states where operations fail unexpectedly or contracts become permanently unusable if initialization steps are performed in the wrong order

Tools Used

Manual code review

Recommendations

Add checks in each critical function:

// In EggstravaganzaNFT
function mintEgg(address to, uint256 tokenId) external returns (bool) {
require(gameContract != address(0), "Game contract not set");
require(msg.sender == gameContract, "Unauthorized minter");
// Rest of function
}
// In EggVault
function depositEgg(uint256 tokenId, address depositor) public {
require(address(eggNFT) != address(0), "NFT contract not set");
// Rest of function
}
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!