Zero Address Issue in `claimFromFactory`
c4-bot-1 opened this issue · 0 comments
Lines of code
Vulnerability details
Description
The claimFromFactory function is designed to allow users to claim art tokens from the Phi Factory contract. The function accepts several parameters, including the minter_, ref_, and verifier_ addresses, which play important roles in the minting and referral process. However, the function lacks proper validation for these addresses, particularly the zero address (address(0)), which represents an invalid or uninitialized address in Solidity.
If minter_ is set to address(0), the function would attempt to mint tokens to this invalid address. Since address(0) cannot hold tokens, these tokens would effectively be burned or lost, resulting in an irreversible loss for the user.
If ref_ or verifier_ is set to address(0), the logic related to referral rewards and verification could fail silently or produce incorrect results. The referral system might fail to credit the correct rewards to the intended party. The intended verifier might not be properly credited, which could undermine the verification process.
The absence of validation for these addresses could allow for systemic disruptions. For instance, if multiple transactions pass zero addresses, it could corrupt the state of the contract, making it difficult to trace or rectify errors. An attacker could exploit this vulnerability by deliberately passing zero addresses to disrupt the normal operation of the contract. For example, by using address(0) as the minter_, they could cause the system to burn tokens that were intended for a legitimate user.
Impact
Users could lose tokens or funds if minter_ is set to address(0), leading to tokens being burned or sent to an invalid address. The effectiveness of the referral and verification systems could be compromised, leading to incorrect reward distribution and validation processes.
Tools Used
Manual Review
Recommendation
Before proceeding with any operations, the function should validate that minter_, ref_, and verifier_ are non-zero addresses. If any of these are address(0), the function should revert with an appropriate error message.
Assessed type
Invalid Validation