Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

FestivalPass: No Check for Zero Address in setOrganizer

Root + Impact

Description

  • The setOrganizer(address _organizer) function allows the owner to set the organizer address.

    • The function does not check if the new organizer address is the zero address, which could accidentally disable all organizer-only functionality.

    • If the organizer is set to address(0), all functions protected by onlyOrganizer become permanently inaccessible.

    • This could happen due to a mistake or malicious action by the owner.

// FestivalPass.sol
function setOrganizer(address _organizer) public onlyOwner {
@> organizer = _organizer;
}

Risk

Likelihood:

  1. This will occur if the owner mistakenly sets the organizer to address(0).

  2. This will occur if a malicious owner wants to disable the contract.

  3. This will occur if there is a bug in deployment scripts or upgrade logic.

  4. This will occur if the contract is forked or reused without proper checks.

Impact:

  1. All organizer-only functions become permanently inaccessible.

  2. Loss of contract functionality and user funds.

  3. Users may lose trust in the platform due to accidental or malicious disabling.

  4. The contract may require emergency migration or upgrade.

Proof of Concept

// Owner calls setOrganizer(address(0))
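
The call above, written out as a Foundry test. This is an added example, not code from the submission or from the FestivalPass project: `OrganizerGate`, `setOrganizerChecked`, `organizerAction`, the revert strings of the two modifiers and the `alice` account are hypothetical stand-ins, since the page shows only the setter itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the access-control part of FestivalPass (assumption, not project code).
contract OrganizerGate {
    address public owner = msg.sender;
    address public organizer;

    modifier onlyOwner() { require(msg.sender == owner, "Not owner"); _; }
    modifier onlyOrganizer() { require(msg.sender == organizer, "Not organizer"); _; }

    // Same body as the setter quoted in the report: no zero-address check.
    function setOrganizer(address _organizer) public onlyOwner {
        organizer = _organizer;
    }

    // Setter carrying the check from the recommended mitigation.
    function setOrganizerChecked(address _organizer) public onlyOwner {
        require(_organizer != address(0), "Organizer cannot be zero address");
        organizer = _organizer;
    }

    function organizerAction() external view onlyOrganizer returns (bool) { return true; }
}

contract OrganizerGateTest is Test {
    OrganizerGate gate;
    address alice = makeAddr("alice"); // constructed organizer account

    function setUp() public {
        gate = new OrganizerGate(); // the test contract is the owner
        gate.setOrganizer(alice);
    }

    function test_ZeroOrganizerLocksOutOrganizerCalls() public {
        gate.setOrganizer(address(0)); // accepted by the unchecked setter
        vm.prank(alice);
        vm.expectRevert(bytes("Not organizer"));
        gate.organizerAction();
    }

    function test_CheckedSetterRejectsZero() public {
        vm.expectRevert(bytes("Organizer cannot be zero address"));
        gate.setOrganizerChecked(address(0));
        assertEq(gate.organizer(), alice); // previous organizer is kept
    }
}
```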

Recommended Mitigation

- organizer = _organizer;
+ require(_organizer != address(0), "Organizer cannot be zero address");
+ organizer = _organizer;
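
Review bot: the added require on `_organizer` rejects only address(0); any other mistaken address still passes and leaves the onlyOrganizer functions just as unreachable. Because setOrganizer in FestivalPass.sol is onlyOwner, the owner can call it again to correct either case, so consider documenting that recovery path next to the check and emitting an event whenever organizer changes so that a wrong value is noticed.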
Updates

Lead Judging Commences

inallhonesty Lead Judge 25 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Zero address check

Owner/admin is trusted / Zero address check - Informational
