Root + Impact

Description

• The setFestivalContract() function in BeatToken.sol allows the festival contract address to be set only once, enforced by:

  require(festivalContract == address(0), "Festival contract already set");

• This means that once an address is assigned—even accidentally—it cannot be changed.

• This creates an upgradability bottleneck: if the contract needs to migrate or if the deployer makes a mistake, the token contract becomes permanently tied to a single address.

Risk:

• Prevents the system from recovering if the original festivalContract is compromised or needs replacement.

• Freezes BEAT token minting and burning features, blocking major user flows like attendance rewards and memorabilia redemptions.

Likelihood:

• This issue will occur during deployment when the wrong address is accidentally assigned to festivalContract, locking the token contract to an incorrect or unusable contract.

• It is also likely during contract upgrades or redeployments, where the address of the new FestivalPass contract must be reassigned, but the hard restriction prevents it.

  
  
  

Impact:

• Break future integration posibilities.

• Prevents safe redeployment in the event of a bug in FestivalPass

Proof of Concept:

This demonstrates that the contract is intentionally immutable after the first festival is assigned. While this prevents re-use for future festivals, it's good to confirm whether this is a design decision or a potential limitation depending on intended use.

Recommended Mitigation:

Update the setFestivalContract function to allow future updates by ensuring only the owner can set a new, valid (non-zero) address, instead of permanently locking it after the first assignment. This improves flexibility in case the initial address needs to be corrected or upgraded.

This ensures that only the contract owner can update the festival contract address, while also preventing accidental assignment to the zero address.