Weather Witness
First Flight #40
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Missing zero address validation for variable _keeperRegistrar in `constructor` of `WeatherNft`

franzops

Root + Impact

Missing zero address validation for variable _keeperRegistrar in constructor of WeatherNft. This can lead to unexpected behavior or vulnerabilities in the contract.

Description

Missing zero address validation for variable _keeperRegistrar in constructor of WeatherNft. This can lead to unexpected behavior or vulnerabilities in the contract. It is important to validate that the address is not zero before assigning it to the variable.

Risk

Likelihood: LOW

  • Generally, the contract is deployed by trusted owner/entity that likely pass correct parameters to constructor

Impact: LOW

  • The contract deployed could not work properly

Recommended Mitigation

Add a check to ensure that the address is not zero before assigning it to the variable. This can be done by adding a require statement in the constructor.

constructor(
Weather[] memory weathers,
string[] memory weatherURIs,
address functionsRouter,
FunctionsConfig memory _config,
uint256 _currentMintPrice,
uint256 _stepIncreasePerMint,
address _link,
address _keeperRegistry,
address _keeperRegistrar,
uint32 _upkeepGaslimit
)
ERC721("Weather NFT", "W-NFT")
FunctionsClient(functionsRouter)
ConfirmedOwner(msg.sender)
{
+ require(_keeperRegistrar != address(0), "Error address cannot be zero");
require(
weathers.length == weatherURIs.length,
WeatherNft__IncorrectLength()
);
. . .
}
Updates

Appeal created

bube Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.