b0g0_ctf - Lack of Zero Address Check in deposit Function #32

Open
Chidubemkingsley opened this issue Aug 12, 2024 · 1 comment
Labels
invalid This doesn't seem right

Comments

@Chidubemkingsley

Severity: Medium

Vulnerability Details:
The deposit function does not check if the msg.sender is the zero address (address(0)). Although it is unlikely in practice, if this occurs, the contract would mint an NFT to the zero address, potentially leading to issues in tracking ownership.

Proof of Code:

_mint(msg.sender, newTokenId);

Impact:
The contract would mint an NFT to the zero address, potentially leading to issues in tracking ownership.

Recommendation
Add a check to ensure that msg.sender is not the zero address before minting the NFT.

require(msg.sender != address(0), "Invalid address");
@BogoCvetkov
Collaborator

msg.sender cannot be address(0)

@BogoCvetkov BogoCvetkov added invalid This doesn't seem right and removed invalid This doesn't seem right labels Aug 17, 2024
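
An added example, not code from the b0g0_ctf repository or from either participant: it contrasts minting to `msg.sender` with minting to a caller-supplied recipient, the case where a zero-address guard does real work. The contract name `ReceiptToken`, the `depositFor` function, and the storage layout are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal receipt-NFT contract written for this illustration;
// names and layout are assumptions, not the audited contract.
contract ReceiptToken {
    uint256 private _nextTokenId;
    mapping(uint256 => address) private _owners;
    mapping(address => uint256) private _balances;

    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    error InvalidRecipient();

    // Recipient is msg.sender. The EVM sets msg.sender to the account or
    // contract that made the call, so the caller cannot choose its value
    // and a zero-address guard on it would never trigger.
    function deposit() external returns (uint256) {
        return _mintReceipt(msg.sender);
    }

    // Recipient is an argument. Here address(0) can really arrive, for
    // example from an uninitialised variable in an integrating contract,
    // so the guard belongs on this path.
    function depositFor(address to) external returns (uint256) {
        if (to == address(0)) revert InvalidRecipient();
        return _mintReceipt(to);
    }

    // Returns address(0) for token ids that were never minted.
    function ownerOf(uint256 tokenId) external view returns (address) {
        return _owners[tokenId];
    }

    function balanceOf(address owner) external view returns (uint256) {
        return _balances[owner];
    }

    // Shared mint logic: assigns the next id and records ownership.
    function _mintReceipt(address to) private returns (uint256 tokenId) {
        tokenId = ++_nextTokenId;
        _owners[tokenId] = to;
        _balances[to] += 1;
        emit Transfer(address(0), to, tokenId);
    }
}
```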