Submission Details
Impact:
Likelihood:
Address State Variable Set Without Checks
Root + Impact
Description
Check for address(0) when assigning values to address state variables.
1 Found Instances
Found in src/briVault.sol Line: 94
participationFeeAddress = _participationFeeAddress;
Risk
Likelihood:
The owner can forget setting the participationFeeAddress when deploying the contract
Impact:
Fees will not be able to be collected in the correct address
Recommended Mitigation
constructor (IERC20 _asset, uint256 _participationFeeBsp, uint256 _eventStartDate, address _participationFeeAddress, uint256 _minimumAmount, uint256 _eventEndDate) ERC4626 (_asset) ERC20("BriTechLabs", "BTT") Ownable(msg.sender) {
if (_participationFeeBsp > PARTICIPATIONFEEBSPMAX){
revert limiteExceede();
}
+ require(_feeAddress != address(0), "Participation fee address can't be zero");
participationFeeBsp = _participationFeeBsp;
eventStartDate = _eventStartDate;
eventEndDate = _eventEndDate;
participationFeeAddress = _participationFeeAddress;
minimumAmount = _minimumAmount;
_setWinner = false;
}
Updates
Appeal created
bube 19 days ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Missing Constructor Validation
This is owner action and the owner is assumed to be trusted and to provide correct input arguments.
Rewards breakdown
nSLOC
193This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.