40,000 USDC
View results
Submission Details
Severity: gas

[Discord Note] Missing zero address check

Summary

In the discord Patrick said, The arbiter can be the 0 address I would add this to the NatSpec because from the documentation it is not clear.

Previous submission:
Missing zero address check for arbiter. This is a low risk vulnerability. As a rule, there should always be checks to make sure that initialized addresses are never a zero address.

Vulnerability Details

Escrow.sol. #32-51

37: address arbiter,
49: i_arbiter = arbiter;

Tools Used

Manual Review.
Slither reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation.
Similarly: https://github.com/code-423n4/2021-07-spartan-findings/issues/144

Recommendations

Check the arbiter address is not zero.

if (arbiter == address(0)) revert Escrow__arbiterZeroAddress();

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.