15,000 USDC
Submission Details
Severity: low
Valid

Missing proper input validation when creating `DSCEngine`

Description

There are several input validation issues when creating `DSCEngine`:

```solidity
constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
    // USD Price Feeds
    if (tokenAddresses.length != priceFeedAddresses.length) {
        revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
    }
    // For example ETH / USD, BTC / USD, MKR / USD, etc
    for (uint256 i = 0; i < tokenAddresses.length; i++) {
        s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i];
        s_collateralTokens.push(tokenAddresses[i]);
    }
    i_dsc = DecentralizedStableCoin(dscAddress);
}
```

  • neither `tokenAddresses` nor `priceFeedAddresses` is checked to contain at least one element; both can be empty lists

  • `dscAddress` and each address in `tokenAddresses` and `priceFeedAddresses` are not checked against the zero address

  • both `tokenAddresses` and `priceFeedAddresses` allow duplicate elements

All of the above issues lead to severe project issues.

Recommended Mitigation

Implement checks for all the mentioned issues.
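
One way to implement these checks, as an added example that is not the project's own code. The contract name and every custom error except the length-mismatch one are hypothetical, and `i_dsc` is stored as a plain `address` so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: constructor validation for the three issues listed above.
contract DSCEngineValidated {
    error DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
    error DSCEngine__NoCollateralTokens(); // hypothetical
    error DSCEngine__ZeroAddress(); // hypothetical
    error DSCEngine__DuplicateToken(address token); // hypothetical
    error DSCEngine__DuplicatePriceFeed(address feed); // hypothetical

    mapping(address => address) private s_priceFeeds;
    address[] private s_collateralTokens;
    // The audited contract wraps this as DecentralizedStableCoin(dscAddress).
    address private immutable i_dsc;

    constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
        if (tokenAddresses.length != priceFeedAddresses.length) {
            revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
        }
        // Lengths are equal here, so one check covers both lists being empty.
        if (tokenAddresses.length == 0) revert DSCEngine__NoCollateralTokens();
        if (dscAddress == address(0)) revert DSCEngine__ZeroAddress();

        for (uint256 i = 0; i < tokenAddresses.length; i++) {
            address token = tokenAddresses[i];
            address feed = priceFeedAddresses[i];
            if (token == address(0) || feed == address(0)) revert DSCEngine__ZeroAddress();

            // Feeds are never zero, so a non-zero entry means the token
            // was already registered earlier in this loop.
            if (s_priceFeeds[token] != address(0)) revert DSCEngine__DuplicateToken(token);

            // No reverse mapping exists for feeds; compare against the ones
            // already accepted. Quadratic, but it runs once at deployment.
            for (uint256 j = 0; j < i; j++) {
                if (priceFeedAddresses[j] == feed) revert DSCEngine__DuplicatePriceFeed(feed);
            }

            s_priceFeeds[token] = feed;
            s_collateralTokens.push(token);
        }
        i_dsc = dscAddress;
    }
}
```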
