BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

No Validation of Constructor Parameters

jufel

Description:

The constructor accepts eventStartDate, eventEndDate, and participationFeeAddress without validating:

  1. eventStartDate is in the future

  2. eventEndDate > eventStartDate

  3. participationFeeAddress != address(0)

  4. minimumAmount is reasonable

Incorrect parameters would render the contract unusable.

Impact:

  • Contract could be deployed with invalid dates (end before start, dates in past)

  • Participation fees could be sent to zero address (burned)

  • Contract would need redeployment

Mitigation:

Add validation in constructor:

constructor(
IERC20 _asset,
uint256 _participationFeeBsp,
uint256 _eventStartDate,
address _participationFeeAddress,
uint256 _minimumAmount,
uint256 _eventEndDate
) ERC4626(_asset) ERC20("BriTechLabs", "BTT") Ownable(msg.sender) {
if (_participationFeeBsp > PARTICIPATIONFEEBSPMAX) {
revert limiteExceede();
}
require(_eventStartDate > block.timestamp, "Start date must be in future");
require(_eventEndDate > _eventStartDate, "End date must be after start date");
require(_participationFeeAddress != address(0), "Invalid fee address");
require(_minimumAmount > 0, "Minimum amount must be positive");
participationFeeBsp = _participationFeeBsp;
eventStartDate = _eventStartDate;
eventEndDate = _eventEndDate;
participationFeeAddress = _participationFeeAddress;
minimumAmount = _minimumAmount;
_setWinner = false;
}
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing Constructor Validation

This is owner action and the owner is assumed to be trusted and to provide correct input arguments.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!