search

code-423n4 / 2024-03-abracadabra-money-findings

9 stars 7 forks source link

BLAST_POINTS_OPERATOR might be wrong #174

Closed c4-bot-4 closed 7 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-03-abracadabra-money/blob/1f4693fdbf33e9ad28132643e2d6f7635834c6c6/src/blast/libraries/BlastPoints.sol#L7

Vulnerability details

Impact

The following address for BLAST_POINTS_OPERATOR in the library is hardcoded constant, however when checking it on the blockexplorer of Blast, I couldn't associate it with anything. If it is wrong, then it would lead to the contracts calling this library to fail their calls.

Proof of Concept

Missing data about this address on Blast explorer

Tools Used

Manual review

Recommended Mitigation Steps

Consider double checking if the address is valid

Assessed type

Library

c4-pre-sort commented 8 months ago

141345 marked the issue as insufficient quality report

c4-judge commented 7 months ago

thereksfour marked the issue as unsatisfactory: Invalid