Constructor does not check if addresses are valid, only if the length of tokenAddresses
and priceFeedAddresses
is the same.
Setting an invalid address either for tokenAddresses
or priceFeedAddresses
will pass silently as long as there are the same amount on both arrays but will leave the contract unusable since the constructor is not doing any other checks.
some Pricefeeds and tokenAddresses will be unusable since they are not valid
Manual review
add some checks at the constructor at least to see if not zero or the true tokens or price tokens.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.