Submission Details
Severity: low
Valid

Unvalidated Token and Pricefeed Addresses: A Risk to Smart Contract Functionality

Summary

The constructor does not check whether the addresses are valid; it only checks that tokenAddresses and priceFeedAddresses have the same length.

Vulnerability Details

Setting an invalid address in either tokenAddresses or priceFeedAddresses passes silently as long as both arrays contain the same number of entries, but it leaves the contract unusable, since the constructor performs no other checks.

Impact

Some price feeds and token addresses will be unusable because they are not valid.

Tools Used

Manual review

Recommendations

Add some checks to the constructor, at least that the addresses are not zero, or that they are the true tokens or price feeds.
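
One way to implement the recommended constructor checks, as an added example that is not the audited contract's code. The contract name, the custom errors, the priceFeedOf mapping and the IFeedLike interface are hypothetical, and the example assumes price feeds expose a Chainlink-style decimals() view function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: hypothetical contract, not the audited code.
// Assumption: price feeds expose a Chainlink-style decimals() view.
interface IFeedLike {
    function decimals() external view returns (uint8);
}

contract ValidatedCollateralRegistry {
    error LengthMismatch();
    error ZeroAddress(uint256 index);
    error NotAContract(uint256 index, address target);
    error DuplicateToken(uint256 index, address token);
    error FeedProbeFailed(uint256 index, address feed);

    mapping(address token => address priceFeed) public priceFeedOf;

    constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses) {
        // The only check the finding says the constructor performs today.
        if (tokenAddresses.length != priceFeedAddresses.length) revert LengthMismatch();

        for (uint256 i = 0; i < tokenAddresses.length; i++) {
            address token = tokenAddresses[i];
            address feed = priceFeedAddresses[i];

            // Minimum recommended by the finding: reject the zero address.
            if (token == address(0) || feed == address(0)) revert ZeroAddress(i);

            // An EOA or undeployed address has no code and cannot answer calls.
            if (token.code.length == 0) revert NotAContract(i, token);
            if (feed.code.length == 0) revert NotAContract(i, feed);

            // A repeated token would silently overwrite its earlier feed.
            if (priceFeedOf[token] != address(0)) revert DuplicateToken(i, token);

            // Probe the feed so a wrong contract fails at deployment, not at first use.
            try IFeedLike(feed).decimals() returns (uint8) {} catch {
                revert FeedProbeFailed(i, feed);
            }

            priceFeedOf[token] = feed;
        }
    }
}
```

The probe is a sanity check rather than proof that an address is the intended feed; pinning the expected addresses per network in the deployment script covers the "true tokens" part of the recommendation.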
