Beatland Festival

AI First Flight #4
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: low
Invalid

Missing zero address validation in constructor and critical setters

L-1: Missing zero address validation in constructor and critical setters

Description

The constructor and setOrganizer() function accept address parameters without validating they are not the zero address. If deployed or configured with address(0), critical contract functionality becomes permanently broken.

constructor(address _beatToken, address _organizer) ERC1155("ipfs://beatdrop/{id}") Ownable(msg.sender) {
@>  setOrganizer(_organizer); // No zero address check
@>  beatToken = _beatToken; // No zero address check
}

function setOrganizer(address _organizer) public onlyOwner {
@>  organizer = _organizer; // No zero address check
}

Risk

Likelihood: Low

  • Requires deployment error or malicious owner action

  • Typically caught during testing, but could occur in rushed deployments

Impact: Medium

  • If beatToken = address(0): all bonus minting and memorabilia redemption fail

  • If organizer = address(0): no performances or memorabilia collections can be created

  • Contract may need redeployment, losing all existing state

Recommended Mitigation

constructor(address _beatToken, address _organizer) ERC1155("ipfs://beatdrop/{id}") Ownable(msg.sender){
+ require(_beatToken != address(0), "Invalid beatToken address");
+ require(_organizer != address(0), "Invalid organizer address");
setOrganizer(_organizer);
beatToken = _beatToken;
}
function setOrganizer(address _organizer) public onlyOwner {
+ require(_organizer != address(0), "Invalid organizer address");
organizer = _organizer;
}
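
Review bot: In the constructor, the added `require(_organizer != address(0), ...)` duplicates the check this patch also adds to `setOrganizer`, which the constructor calls on the very next line, so a zero organizer already reverts there. Drop the constructor copy and keep only the `_beatToken` check, since no setter for `beatToken` appears in the snippet and the constructor is its only guard. Note also that `setOrganizer` is `public onlyOwner`, so a zero `organizer` can be overwritten by the owner after deployment; the "permanently broken" wording in the description applies, on the visible lines, only to `beatToken`.
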
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 14 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
