Submission Details
Severity:
Missing check for `address(0)` when assigning values to `address` state variables
Summary
The code is not checking for address(0) when assigning a value to an address state variable.
Vulnerability Details
There are 5 instances of this issue.
File: src/Fees.sol
20: WETH = _weth;
21: staking = _staking;
| File Link | Instance Count | Instance Links |
|---|---|---|
| Fees.sol | 2 | 20,21 |
File: src/Lender.sol
101: feeReceiver = _feeReceiver;
| File Link | Instance Count | Instance Link |
|---|---|---|
| Lender.sol | 1 | 101 |
File: src/utils/Ownable.sol
15: owner = _owner;
20: owner = _owner;
| File Link | Instance Count | Instance Links |
|---|---|---|
| Ownable.sol | 2 | 15,20 |
Impact
Lack of zero-address validation on address parameters may lead to transaction reverts, wastes gas, may require resubmission of transactions, and may force contract redeployments in certain cases within the protocol.
Tools Used
baudit: a custom static code analysis tool; manual review
Recommendations
Consider adding explicit zero-address validation prior to assignment of a value to an address state variable.
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
70628 USDC / LOC
18,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.