Company Simulator
First Flight #51
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

[L-02] - Inconsistent use of `ZERO_ADDRESS` constant

agilegypsy

Root + Impact

Description

The Vyper language provides a built-in constant ZERO_ADDRESS for checking against the null address. The codebase uses this constant in some places but relies on a literal empty(address) check in others.

For example, in Cyfrin_Hub.vy:

  • The customer_engine state variable is checked using empty(self.customer_engine).

Using inconsistent methods for checking the zero address can lead to confusion, maintainability issues, and potential errors if the literal check is ever incorrectly implemented.

# Root cause in the codebase (Cyfrin_Hub.vy)
@external
@payable
def fund_cyfrin(action: uint256):
# ...
if action == 1:
# ...
if empty(self.customer_engine): # @> Uses empty() check
# ...

Risk

Likelihood: Low
The current implementation using empty(address) is functionally correct in Vyper.

Impact: Low
This is primarily a code quality and maintainability issue. It does not pose a direct security risk but violates the principle of least astonishment and consistent code style.

Proof of Concept

This is a code style issue. The current code is:

if empty(self.customer_engine):

The preferred, more explicit style is:

if self.customer_engine == ZERO_ADDRESS:

Recommended Mitigation

Replace all instances of empty(address) with a comparison against the built-in ZERO_ADDRESS constant for consistency and clarity.

@external
@payable
def fund_cyfrin(action: uint256):
# ...
if action == 1:
# ...
- if empty(self.customer_engine):
+ if self.customer_engine == ZERO_ADDRESS:
# ...
Updates

Lead Judging Commences

0xshaedyw Lead Judge
9 days ago
0xshaedyw Lead Judge 7 days ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.