Submission Details
Impact:
Likelihood:
Read-Only Getter Returns Data for Non-existent Transactions
Author Revealed upon completion
Root + Impact
Description
-
Normal behavior:
Users expect getters to return valid data only for existing transactions. -
Issue:
getTransaction()returns an empty struct for invalid IDs, which can mislead off-chain systems.
function getTransaction(uint256 transactionId)
external view
returns (Transaction memory)
{
return s_transactions[transactionId];
}
Risk
Likelihood:
-
Occurs whenever off-chain systems query invalid IDs
Occurs during indexing or UI pagination
Impact:
-
Incorrect UI state
Misleading analytics
Proof of Concept
getTransaction(999); // returns empty struct, not revert
Recommended Mitigation
+ require(
+ transactionId < s_transactionCount,
+ "Transaction does not exist"
+ );
Rewards breakdown
nSLOC
205This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.