Missing zero address checks in constructors
Summary
No checks for WETH and staking addresses in Fees.sol constructor and no checks in Staking.sol's constructor
Vulnerability Details
Address 0 checks should be implemented for WETH and staking immutable variables in the constructor of Fees.sol. The constructor only assigns the user passed values to the immutable state variables. Since they are immutable they can not be changed post deployment so it is important to check for errors such as address(0) check.In Staking.sol the constructor sets the staking token TKN and reward token WETH and again there are no zero address checks.
Impact
Potentially deploying with wrong values due to mistake
Tools Used
Manual Review
Recommendations
Consider adding the following checks in the constructor of Fees.sol
require(_weth != address(0),"Address(0) provided")
require(staking != address(0),"Address(0) provided")
or define a new custom error in Errors.sol like "error Address(0) provided()"
and then the statements will look like
if(_weth == address(0)) revert Address(0) provided();
if(_staking == address(0)) revert Address(0) provided(); or combine them both using the && operator (this costs more gas)
Consider adding the following checks in Staking.sol
if(_token == address(0)) revert Address(0) provided();
if(_weth == address(0)) revert Address(0) provided(); or combine them both using the && operator (this costs more gas)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.