OrderBook

First Flight #43
Beginner Friendly
Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

Zero Address Validation Missing in Order Creation

Root + Impact

Description

  • The contract should validate that buyers and sellers are not zero addresses to prevent loss of funds

  • The createSellOrder function doesn't validate that msg.sender is not the zero address, and buyOrder doesn't validate the buyer address

function createSellOrder(
    address _tokenToSell,
    uint256 _amountToSell,
    uint256 _priceInUSDC,
    uint256 _deadlineDuration
) public returns (uint256) {
    // @> Missing validation: if (msg.sender == address(0)) revert InvalidAddress();
    if (!allowedSellToken[_tokenToSell]) revert InvalidToken();
    // ... rest of function
}

Risk

Likelihood:

  • High - No validation exists for zero addresses in critical functions

  • Orders can be created with zero address as seller theoretically

Impact:

  • Medium - Could lead to stuck funds if orders are created with invalid addresses

  • Potential for permanent loss of tokens in edge cases

Proof of Concept

// This would create an order with zero address as seller
// Leading to potential fund recovery issues

Recommended Mitigation

function createSellOrder(
address _tokenToSell,
uint256 _amountToSell,
uint256 _priceInUSDC,
uint256 _deadlineDuration
) public returns (uint256) {
+ if (msg.sender == address(0)) revert InvalidAddress();
if (!allowedSellToken[_tokenToSell]) revert InvalidToken();
// ... rest of function
}
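
Review bot: the guard added at the top of createSellOrder, `if (msg.sender == address(0)) revert InvalidAddress();`, cannot trigger for an on-chain call, because msg.sender is the account or contract that made the call and no known private key can sign a transaction from address(0); the line adds gas to every call without rejecting anything, so I would drop it. The only address this signature takes as an argument is _tokenToSell, and that is already checked against allowedSellToken on the following line. If the check is kept anyway, note that InvalidAddress is not declared in the visible lines and would need an error definition.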

Updates

Lead Judging Commences

yeahchibyke Lead Judge
about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
