20,000 USDC
Submission Details
Severity: low
Valid

Missing zero address check

Summary

The addresses passed to constructors and functions are not checked against the zero address.

Vulnerability Details

Zero address checks are missing in the following code:

src\Staking.sol, line 31:

    constructor(address _token, address _weth) Ownable(msg.sender) {
        TKN = IERC20(_token);
        WETH = IERC20(_weth);
    }

src\Fees.sol, line 19:

    constructor(address _weth, address _staking) {
        WETH = _weth;
        staking = _staking;
    }

src\Lender.sol, line 100:

    function setFeeReceiver(address _feeReceiver) external onlyOwner {
        feeReceiver = _feeReceiver;
    }

Impact

The Fees.sol and Staking.sol constructors do not check for zero addresses. If a zero address is passed, the contract breaks and becomes useless, and redeploying is required to get a fully functional contract. As a result, these functions become useless, which leaves the owner unable to receive his funds and locks fees from modification.

Tools Used

Manual

Recommendations

Add checks for zero address.

src\Staking.sol, line 31:

    constructor(address _token, address _weth) Ownable(msg.sender) {
        if (_token == address(0) || _weth == address(0)) {
            revert NotValidToken();
        }
        TKN = IERC20(_token);
        WETH = IERC20(_weth);
    }

src\Fees.sol, line 19:

    constructor(address _weth, address _staking) {
        if (_weth == address(0) || _staking == address(0)) {
            revert NotValidToken();
        }
        WETH = _weth;
        staking = _staking;
    }

src\Lender.sol, line 100:

    function setFeeReceiver(address _feeReceiver) external onlyOwner {
        if (_feeReceiver == address(0)) {
            revert FeeReceiverCannotBeZeroAddress();
        }
        feeReceiver = _feeReceiver;
    }
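
To confirm the fix and catch the same omission elsewhere in a code base, the check can be automated. The following is an added example, not part of the original submission or the audited project: a Python text heuristic that flags address parameters never compared with address(0) in the body of their constructor or function, run over the Staking.sol constructor and Lender.sol setter quoted above. The names `missing_zero_checks` and `body_after` and the regular expressions are this example's own, and it is a pattern match over source text, not a Solidity parser.

```python
import re

# Constructor/function header up to its opening brace; group 3 is the parameter
# list. Heuristic only: assumes no nested parentheses inside the parameters.
HEADER = re.compile(r"\b(constructor|function\s+(\w+))\s*\(([^)]*)\)[^{;]*\{")
ADDR_PARAM = re.compile(r"\baddress\s+(?:payable\s+)?(\w+)")

def body_after(src, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]

def missing_zero_checks(src):
    """Return (function, parameter) pairs whose address parameter is never
    compared with address(0) inside the function body."""
    findings = []
    for m in HEADER.finditer(src):
        name = m.group(2) or "constructor"
        body = body_after(src, m.end() - 1)
        for param in ADDR_PARAM.findall(m.group(3)):
            p = re.escape(param)
            check = rf"\b{p}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{p}\b"
            if not re.search(check, body):
                findings.append((name, param))
    return findings

# Constructed input: a constructor and the setter quoted in this finding,
# before and after the recommended fix (contract wrappers omitted).
BEFORE = """
constructor(address _token, address _weth) Ownable(msg.sender) { TKN = IERC20(_token); WETH = IERC20(_weth); }
function setFeeReceiver(address _feeReceiver) external onlyOwner { feeReceiver = _feeReceiver; }
"""
AFTER = """
constructor(address _token, address _weth) Ownable(msg.sender) {
    if (_token == address(0) || _weth == address(0)) { revert NotValidToken(); }
    TKN = IERC20(_token); WETH = IERC20(_weth);
}
function setFeeReceiver(address _feeReceiver) external onlyOwner {
    if (_feeReceiver == address(0)) { revert FeeReceiverCannotBeZeroAddress(); }
    feeReceiver = _feeReceiver;
}
"""

if __name__ == "__main__":
    print(missing_zero_checks(BEFORE), missing_zero_checks(AFTER))
```

A check performed inside a modifier or a helper function is not seen by this heuristic, so a reported pair is a candidate for manual review.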
