Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

[H-3] FestivalPass::setOrganizer allows setting address(0)

Root + Impact

Description

The public function FestivalPass::setOrganizer accepts address(0) as the organizer, rendering the FestivalPass NFT useless.

function setOrganizer(address _organizer) public onlyOwner {
    // No zero-address check: address(0) is accepted
    organizer = _organizer;
}

Risk

Likelihood:

  • The owner of the festival makes a mistake and passes 0 when setting an organizer

  • A disgruntled owner decides to set the organizer to address(0)

Impact:

  • The whole festival cannot do any operations required by the owner

Proof of Concept

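Add the following test in FestivalPass.t.sol to confirm that the function FestivalPass::setOrganizer can effectively add the address(0) without any error:

function test_SetOrganizer_ZeroAddress() public {
    // Expects the next call to revert. Without a zero-address check in
    // setOrganizer, an owner call with address(0) does not revert, so this
    // expectation is not met; it is met once the recommended require is added.
    vm.expectRevert();
    festivalPass.setOrganizer(address(0));
}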
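
A self-contained Foundry test of the behaviour described above, added here as an example (not the submission's or the project's code). OrganizerModel, onlyOrganizer, configure() and the `checked` flag are constructed stand-ins for FestivalPass; the test shows the unchecked setter accepting address(0), the organizer-gated call becoming unreachable, and the owner restoring it with a second setOrganizer call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in, NOT the FestivalPass source: only the owner/organizer
// wiring is modelled. onlyOrganizer, configure() and `checked` are assumptions.
contract OrganizerModel {
    address public immutable owner;
    bool public immutable checked; // true = variant with the zero-address require
    address public organizer;
    uint256 public configured;

    constructor(bool _checked) { owner = msg.sender; checked = _checked; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyOrganizer() { require(msg.sender == organizer, "not organizer"); _; }

    function setOrganizer(address _organizer) public onlyOwner {
        if (checked) require(_organizer != address(0), "Organizer cannot be zero address");
        organizer = _organizer;
    }

    function configure() external onlyOrganizer { configured++; }
}

contract SetOrganizerZeroAddressTest is Test {
    address organizerEOA = makeAddr("organizer");

    function test_Unchecked_AcceptsZero_ThenOwnerRecovers() public {
        OrganizerModel m = new OrganizerModel(false); // this test contract is the owner
        m.setOrganizer(address(0));
        assertEq(m.organizer(), address(0)); // accepted silently

        vm.prank(organizerEOA);
        vm.expectRevert(bytes("not organizer"));
        m.configure(); // organizer-gated call is now unreachable

        m.setOrganizer(organizerEOA); // owner repairs it with a second call
        vm.prank(organizerEOA);
        m.configure();
        assertEq(m.configured(), 1);
    }

    function test_Checked_RejectsZero() public {
        OrganizerModel m = new OrganizerModel(true);
        vm.expectRevert(bytes("Organizer cannot be zero address"));
        m.setOrganizer(address(0));
    }
}
```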

Recommended Mitigation

Add the require line to the public function FestivalPass::setOrganizer:

function setOrganizer(address _organizer) public onlyOwner {
+ require(_organizer != address(0), "Organizer cannot be zero address");
organizer = _organizer;
}
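
Review bot: the added require in setOrganizer rejects only address(0), so any other mistyped or unusable non-zero address still passes and the mistaken-input case listed under Likelihood is only partly covered. The function also assigns organizer without emitting an event; consider emitting one carrying the old and new organizer so an unintended change is visible off-chain and can be corrected by the owner.
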
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Zero address check

Owner/admin is trusted / Zero address check - Informational
