Description:Description\
The function setTapToken is responsible for setting the TAP token address used by the contract. The function allows only the contract owner to set this address, ensuring control over the token configuration. However, the original implementation does not validate the input address, which could lead to setting an invalid (zero) address, potentially breaking the contract's functionality.
/// @notice Sets the TAP token address
/// @param _tapToken The TAP token address
function setTapToken(address _tapToken) external onlyOwner {
tapToken = IERC20(_tapToken);
}
it have to be
/// @notice Sets the TAP token address
/// @param _tapToken The TAP token address
function setTapToken(address _tapToken) external onlyOwner {
require(_tapToken != address(0), "Invalid token address");
tapToken = IERC20(_tapToken);
}
Github username: @Jelev123 Twitter username: zhulien_zhelev Submission hash (on-chain): 0x9a47db8d083967ecd56a9dd34740adc19bbd6851f0e3a032ffac6648d6f1ecb2 Severity: medium
Description: Description\ The function
setTapToken
is responsible for setting the TAP token address used by the contract. The function allows only the contract owner to set this address, ensuring control over the token configuration. However, the original implementation does not validate the input address, which could lead to setting an invalid (zero) address, potentially breaking the contract's functionality.Attack Scenario\
Attachments
setTapToken