Santa's List
AI First Flight #3
Beginner FriendlyFoundry
EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

SantaToken constructor missing zero-address validation

aditya41205

[L-1] SantaToken constructor missing zero-address validation

Description

The SantaToken constructor accepts an address santasList parameter without validating it is non-zero. If deployed with address(0), all functions depending on i_santasList become unusable.

constructor(address santasList) {
i_santasList = santasList; // @> No zero-check
}

Risk

Likelihood:

  • Occurs if deployer passes address(0)

  • No revert/guard against invalid input

Impact:

  • Contract becomes permanently unusable

  • burn/mint functions revert on i_santasList access

Proof of Concept

function test_ZeroSantaListBreaksSantaToken() public {
address ZERO = address(0);
SantaToken badToken = new SantaToken(ZERO);
// Mint fails due to zero-address
vm.expectRevert();
badToken.mint(address(this));
}

Recommended Mitigation

constructor(address santasList) {
+ require(santasList != address(0), "SantasList cannot be zero");
i_santasList = santasList;
}

Files: src/SantaToken.sol:17
Severity: Low

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!