The festivalContract
can be set only once due to this check:
Likelihood:
If the owner mistakenly sets the wrong address, the function becomes unusable forever, leading to a locked system.
Impact:
Impact 1: Permanent locking of mint/burn features if incorrect address is set.
Impact 2: No flexibility for contract upgrades or emergency changes.
Consider allowing the owner to update it with proper authorization:
function updateFestivalContract(address _new) external onlyOwner {
require(_new != address(0), "Zero address");
festivalContract = _new;
}
This is intended. It's done like that because the festival contract requires beat token's address and vice versa.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.