Beatland Festival
First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

One-Shot to Zero — BEAT Mint/Burn Locked Forever

rootkit677

One-Shot to Zero — BEAT Mint/Burn Locked Forever

Description

  • Normal behaviour: The owner calls setFestivalContract() once to authorise the FestivalPass contract to mint/burn BEAT tokens.

  • Issue: The function guards against re-assignment but not against setting the address to zero. If the owner mistakenly passes address(0), the token is permanently bricked because the setter can only be invoked when festivalContract == address(0).

function setFestivalContract(address _festival) external onlyOwner {
require(festivalContract == address(0), "Festival contract already set");
@> festivalContract = _festival; // zero allowed
}

Risk

Likelihood:

  • Deployment scripts might forget to supply the argument, defaulting to zero.

  • Manual invocation could be typo-ed.

Impact:

  • No contract is authorised to call mint or burnFrom ⇒ BEAT utility is lost.

  • Requires redeploying the token and migrating balances.

Proof of Concept

beatToken.setFestivalContract(address(0)); // accepted
BeatToken(…address).mint(user, 1); // reverts Only_Festival_Mint

Recommended Mitigation

function setFestivalContract(address _festival) external onlyOwner {
require(festivalContract == address(0), "Festival contract already set");
+ require(_festival != address(0), "Zero address");
festivalContract = _festival;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Zero address check

Owner/admin is trusted / Zero address check - Informational

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.