DatingDapp
AI First Flight #6
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

[H-1] Invalid Ownable Constructor Call in SoulboundProfileNFT

cybernerd

Root + Impact

Description

  • SoulboundProfileNFT should initialize ownership using OpenZeppelin Ownable behavior and allow proper deployment of contract owner privileges.

  • The constructor instead calls Ownable(msg.sender), which is invalid for OpenZeppelin Ownable and prevents the contract from compiling correctly.

constructor() ERC721("DatingDapp", "DTN") Ownable(@>msg.sender) {}

Risk

Likelihood:

  • Contract deployment will fail whenever this constructor path is compiled with OpenZeppelin Ownable.

  • Any downstream contracts depending on SoulboundProfileNFT will also be blocked from deployment.

Impact:

  • The contract cannot be deployed, making the entire NFT feature unusable.

  • Associated systems such as LikeRegistry cannot be initialized with a valid profile NFT address.

Proof of Concept

The constructor call is invalid for OpenZeppelin Ownable (which takes no parameters). Run the tests to see the compilation error:

forge test --match-path test/testSoulboundProfileNFT.t.sol

The contract fails to compile with:

Error: Ownable constructor does not accept parameters
--> src/SoulboundProfileNFT.sol:16:58
|
16 | constructor() ERC721("DatingDapp", "DTN") Ownable(msg.sender) {}
| ^^^^^^^^^^

Recommended Mitigation

Remove the invalid Ownable(msg.sender) call and rely on OpenZeppelin's default constructor behavior, which automatically sets msg.sender as the owner:

- constructor() ERC721("DatingDapp", "DTN") Ownable(msg.sender) {}
+ constructor() ERC721("DatingDapp", "DTN") {}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 7 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!