NFT Dealers

First Flight #58
Beginner Friendly · Foundry
100 EXP
Submission Details
Impact: low
Likelihood: high

Redundant Zero-Address Check on `msg.sender`

Author Revealed upon completion

Root + Impact

Description

  • Normal Behavior: Zero-address validation exists to catch invalid addresses (`address(0)`) before they cause errors or security problems such as burned tokens or a locked contract. It belongs on addresses supplied by the user as function arguments (a recipient, a new owner, a token address), because those are the values that can actually be wrong.


  • Specific Issue: `mintNft` checks whether `msg.sender` is `address(0)`. `msg.sender` is not user-supplied input; the EVM sets it to the account that made the call. A transaction must be signed by an account, no private key is known for `address(0)`, and no contract can be deployed there, so in practice `msg.sender` is never the zero address and the revert path is unreachable.

```solidity
function mintNft() external payable onlyWhenRevealed onlyWhitelisted {
@>  if (msg.sender == address(0)) revert InvalidAddress();
    // ...
}
```

Risk

Likelihood: High

  • The redundant check runs on every call to `mintNft`, i.e. on every mint.

Impact: Low (Gas)

  • Impact 1: Wasted Gas. The contract performs a comparison and a conditional jump (a `CALLER`, `ISZERO`, `PUSH`, `JUMPI` sequence) whose revert branch can never be taken. This costs on the order of 20 gas per mint; negligible per transaction, but paid by every minter for no benefit.

  • Impact 2: Code Clutter. Including impossible checks makes the codebase less professional and slightly harder to read for other auditors or developers.

Proof of Concept
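The following Foundry test is an added example, not code from the original submission or from the NFT Dealers repository. It uses two hypothetical minimal minter contracts (`MinterWithCheck`, `MinterWithoutCheck`), a constructed `user` address and the `InvalidAddress` error from the snippet above, all assumptions for illustration. It shows that the check adds gas to every mint and that the revert branch can only be reached with a cheatcode that forges `msg.sender`, something no real transaction can do.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Same custom error as in the audited snippet.
error InvalidAddress();

/// Hypothetical stand-in for the audited minter, keeping only the redundant check.
contract MinterWithCheck {
    uint256 public minted;

    function mintNft() external payable {
        if (msg.sender == address(0)) revert InvalidAddress();
        minted++;
    }
}

/// Hypothetical stand-in with the check removed (the recommended mitigation).
contract MinterWithoutCheck {
    uint256 public minted;

    function mintNft() external payable {
        minted++;
    }
}

contract RedundantZeroAddressCheckTest is Test {
    MinterWithCheck internal withCheck;
    MinterWithoutCheck internal withoutCheck;
    address internal user = makeAddr("user"); // constructed caller

    function setUp() public {
        withCheck = new MinterWithCheck();
        withoutCheck = new MinterWithoutCheck();
    }

    /// Both contracts do the same storage write; the only difference is the check,
    /// so the gas delta between the two calls is the cost paid on every mint.
    function test_CheckCostsGasOnEveryMint() public {
        vm.startPrank(user);

        uint256 before = gasleft();
        withCheck.mintNft();
        uint256 gasWith = before - gasleft();

        before = gasleft();
        withoutCheck.mintNft();
        uint256 gasWithout = before - gasleft();

        vm.stopPrank();

        assertGt(gasWith, gasWithout);
        emit log_named_uint("extra gas spent on the redundant check", gasWith - gasWithout);
    }

    /// The revert branch is only reachable by forging msg.sender with a cheatcode.
    /// No signed transaction can originate from address(0).
    function test_RevertOnlyReachableWithCheatcode() public {
        vm.prank(address(0));
        vm.expectRevert(InvalidAddress.selector);
        withCheck.mintNft();
    }
}
```

Run it with `forge test -vv` to see the logged gas difference; the second test passes only because `vm.prank` lets the test environment do what the EVM never does in production.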

Recommended Mitigation

Remove the redundant `msg.sender == address(0)` check from `mintNft`. The EVM already guarantees that `msg.sender` is a real caller, so no replacement validation is needed.
