Algo Ssstablecoinsss

AI First Flight #2
Beginner Friendly, DeFi
Submission Details
Impact: low
Likelihood: low
Invalid

L02 Missing constructor validation for critical addresses

Root + Impact

Description

  • Normal behavior: The constructor of the engine should validate all critical addresses (tokens, price feeds, DSC token) to ensure they are non‑zero and non‑duplicate, preventing deployment misconfiguration.

  • Issue: The current constructor does not validate these inputs; zero addresses or duplicates can be passed without reverting, leading to permanently broken mappings and collateral accounting.

# dsc_engine.vy (conceptual)
@external
def __init__(token_addresses: address[2], price_feeds: address[2], dsc_address: address):
    self.token_addresses = token_addresses
    self.price_feeds = price_feeds
    self.dsc_address = dsc_address
    # @> no checks for zero or duplicate addresses

Risk

Likelihood:

  • Reason 1 // Deployment scripts and environment variables are error‑prone; a single mis‑typed address or copy‑paste error is common.

  • Reason 2 // Multi‑environment setups (testnets, staging, mainnet) increase the chance of inconsistent or invalid configuration.

Impact:

  • Impact 1 // Zero addresses for tokens or feeds can cause runtime reverts and unfixable behavior in production, requiring a full redeploy and migration.

  • Impact 2 // Duplicate token addresses or feed mappings can lead to double‑counting or mis‑routing collateral value, silently breaking risk assumptions.

Proof of Concept

A misconfigured deployment passes a zero address as a collateral token:

  1. Deployer invokes the constructor with token_addresses[0] = 0x0.

  2. Contract deploys successfully without validation.

  3. Any attempt to deposit that collateral, or to value it, will either revert or behave unpredictably.

  4. Since the constructor cannot be called again, the only remedy is a full redeploy.

function testZeroAddressInConstructorLeadsToBrokenProtocol() public {
    address[2] memory tokens = [address(0), address(weth)];
    address[2] memory feeds = [address(priceFeed1), address(priceFeed2)];
    // @> currently, this does not revert, deploying a broken engine
    DSCEngine engine = new DSCEngine(tokens, feeds, address(dsc));
}

Recommended Mitigation

Add explicit assertions to the constructor for non‑zero and non‑duplicate addresses.

@external
def __init__(token_addresses: address[2], price_feeds: address[2], dsc_address: address):
+   assert token_addresses[0] != empty(address), "DSCEngine__ZeroAddress"
+   assert token_addresses[1] != empty(address), "DSCEngine__ZeroAddress"
+   assert token_addresses[0] != token_addresses[1], "DSCEngine__DuplicateToken"
+   assert dsc_address != empty(address), "DSCEngine__ZeroAddress"
    self.token_addresses = token_addresses
    self.price_feeds = price_feeds
    self.dsc_address = dsc_address

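
The same invariants can be enforced before the transaction is ever sent. The following is an added example, not code from the audited project: a deployment-script pre-check that mirrors the constructor assertions above and also covers the price-feed and cross-list checks the description calls for but the mitigation snippet omits. The error names other than DSCEngine__ZeroAddress and DSCEngine__DuplicateToken, and all sample addresses, are assumed or constructed.

```python
from typing import List, Sequence

ZERO_ADDRESS = "0x" + "00" * 20


def _normalize(addr: str) -> str:
    """Lower-case a hex address and reject anything that is not 20 bytes."""
    a = addr.strip().lower()
    if not a.startswith("0x") or len(a) != 42 or any(c not in "0123456789abcdef" for c in a[2:]):
        raise ValueError(f"malformed address: {addr!r}")
    return a


def validate_engine_config(tokens: Sequence[str], feeds: Sequence[str], dsc: str) -> List[str]:
    """Return every constructor assertion this config would trip; [] means it is deployable."""
    errors: List[str] = []
    tokens = [_normalize(t) for t in tokens]
    feeds = [_normalize(f) for f in feeds]
    dsc = _normalize(dsc)
    if len(tokens) != len(feeds):
        errors.append("DSCEngine__TokenFeedLengthMismatch")  # assumed error name
    for i, t in enumerate(tokens):
        if t == ZERO_ADDRESS:
            errors.append(f"DSCEngine__ZeroAddress:token[{i}]")
    for i, f in enumerate(feeds):
        if f == ZERO_ADDRESS:
            errors.append(f"DSCEngine__ZeroAddress:feed[{i}]")
    if dsc == ZERO_ADDRESS:
        errors.append("DSCEngine__ZeroAddress:dsc")
    if len(set(tokens)) != len(tokens):
        errors.append("DSCEngine__DuplicateToken")
    if len(set(feeds)) != len(feeds):
        errors.append("DSCEngine__DuplicateFeed")  # assumed error name
    # A token reused as its own feed, or DSC listed as collateral, is the
    # typical copy-paste slip in a multi-environment deploy script.
    if set(tokens) & set(feeds):
        errors.append("DSCEngine__TokenUsedAsFeed")  # assumed error name
    if dsc in tokens:
        errors.append("DSCEngine__DscListedAsCollateral")  # assumed error name
    return errors


# Constructed sample addresses; not real deployments.
WETH, WBTC = "0x" + "11" * 20, "0x" + "22" * 20
ETH_FEED, BTC_FEED, DSC = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "dd" * 20
GOOD_CONFIG = ([WETH, WBTC], [ETH_FEED, BTC_FEED], DSC)
BROKEN_CONFIG = ([ZERO_ADDRESS, WETH], [ETH_FEED, BTC_FEED], DSC)  # the PoC case

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, validate_engine_config(*cfg) or "ok")
```

Run it as the first step of the deploy script and abort on a non-empty list; it catches the misconfiguration before a redeploy-and-migrate becomes the only remedy.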
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
