20,000 USDC
Submission Details
Severity: low
Valid

Missing zero address validations

Summary

Functions Ownable.transferOwnership, Fees.constructor, and Lender.setFeeReceiver lack zero value checks on address parameters.

Vulnerability Details

A zero-check is a check that ensures that a parameter is not equal to the zero address (0x0). This is important because the zero address is a special address in the Ethereum ecosystem that represents an uninitialized or null address. Sending funds or assigning ownership to the zero address can result in the loss of funds or control over the contract.

In the case of the Ownable, Fees, and Lender contracts, the transferOwnership, constructor, and setFeeReceiver functions, respectively, do not perform zero-checks. This means that it is possible to accidentally set these parameters to the zero address, which could result in unexpected behavior or loss of control over the contract.

Impact

Sending funds or assigning ownership to the zero address can result in the loss of funds or control over the contract.

Tools Used

The vulnerabilities were identified through manual code review and Slither.

Recommendations

Check every parameter of data type address to ensure that it is not equal to the zero address (address(0)). If any of these parameters is equal to the zero address, the function should revert with an appropriate error message.
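A sketch of the recommended check applied to the three functions named in this finding. This is an added example, not the audited project's code: only the contract and function names come from the finding, while the contract bodies, state variables, parameter names, the `ZeroCheck` helper and the `ZeroAddress` error are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical helper: one shared guard instead of repeating the check inline.
error ZeroAddress();

abstract contract ZeroCheck {
    // Reverts before any state is written if the supplied address is address(0).
    modifier nonZero(address a) {
        if (a == address(0)) revert ZeroAddress();
        _;
    }
}

contract Ownable is ZeroCheck {
    address public owner; // assumed state variable

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    error Unauthorized();

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Without nonZero, transferOwnership(address(0)) would leave every
    // onlyOwner function in this sketch permanently uncallable.
    function transferOwnership(address newOwner) public virtual onlyOwner nonZero(newOwner) {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

contract Lender is Ownable {
    address public feeReceiver; // assumed state variable

    // Without nonZero, anything later routed to feeReceiver could go to address(0).
    function setFeeReceiver(address _feeReceiver) external onlyOwner nonZero(_feeReceiver) {
        feeReceiver = _feeReceiver;
    }
}

contract Fees is ZeroCheck {
    address public immutable router; // assumed constructor parameter

    // Modifiers run on constructors too, so a bad deployment argument reverts.
    constructor(address _router) nonZero(_router) { router = _router; }
}
```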
