Submission Details
Impact:
Likelihood:
Missing Zero Address Check in BeatToken::setFestivalContract
Missing zero address check in BeatToken::setFestivalContract, may lead to invalid contract assignment
Description
The
BeatToken::setFestivalContractfunction allows theownerto assign a festival contract address.
But it does not validate that the provided address is non-zero.
function setFestivalContract(address _festival) external onlyOwner {
require(festivalContract == address(0), "Festival contract already set");
@> festivalContract = _festival;
}
Risk
Likelihood:
Low: As owner is resposible for setting
festivalContractaddress.
Impact:
High: This could break the whole functionality where the festival contract is referenced, leading to failed external calls always.
Recommended Mitigation
Add a check to ensure the _festival address is non-zero before assignment:
function setFestivalContract(address _festival) external onlyOwner {
+ require(_festival != address(0), "Invalid festival address");
require(festivalContract == address(0), "Festival contract already set"); //@audit cannot be reused for other festivals
festivalContract = _festival;
}
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Zero address check
Owner/admin is trusted / Zero address check - Informational
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.