Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

`ProxyFactory::constructor` does not prevent duplicate addresses of ERC20 tokens

Summary

`ProxyFactory::constructor` does not prevent duplicate ERC20 token addresses.

Vulnerability Details

The constructor of the `ProxyFactory` contract initializes the whitelist from the `_whitelistedTokens` array without verifying that the array is free of duplicate addresses.
This absence of validation in the initialization process may lead to unintended behavior or misuse.

```solidity
constructor(address[] memory _whitelistedTokens) EIP712("ProxyFactory", "1") Ownable() {
    if (_whitelistedTokens.length == 0) revert ProxyFactory__NoEmptyArray();
    for (uint256 i; i < _whitelistedTokens.length;) {
        if (_whitelistedTokens[i] == address(0)) revert ProxyFactory__NoZeroAddress();
        whitelistedTokens[_whitelistedTokens[i]] = true;
        unchecked {
            i++;
        }
    }
}
```

Impact

This could result in incorrect functionality or unexpected behavior when the `Distributor::_distribute` function checks the `_isWhiteListed` token of the contract and also the `totalAmount` of the ERC20 token.

Tools Used

Manual Review

Recommendations

It is recommended to implement checks within the constructor to ensure that only unique addresses are added to relevant data structures. By verifying the uniqueness of addresses during initialization, the contract can operate as intended and reduce the risk of undesirable consequences.
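
One way to implement the recommended uniqueness check, as an added example that is not part of the original submission or the Sparkn code base. It assumes a compiler version of `^0.8.18`, drops the `EIP712` and `Ownable` inheritance so the file compiles without imports, and introduces a hypothetical error `ProxyFactory__DuplicateToken`; the contract name `WhitelistInitSketch` is also hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // assumed version; the page does not state one

// Added example: reduced model of the whitelist initialisation only.
// The EIP712 and Ownable bases of the original constructor are left out
// so that this file compiles without external imports.
contract WhitelistInitSketch {
    error ProxyFactory__NoEmptyArray();
    error ProxyFactory__NoZeroAddress();
    // Hypothetical error, not defined in the audited code.
    error ProxyFactory__DuplicateToken(address token);

    mapping(address => bool) public whitelistedTokens;

    constructor(address[] memory _whitelistedTokens) {
        uint256 len = _whitelistedTokens.length;
        if (len == 0) revert ProxyFactory__NoEmptyArray();
        for (uint256 i; i < len;) {
            address token = _whitelistedTokens[i];
            if (token == address(0)) revert ProxyFactory__NoZeroAddress();
            // The mapping doubles as the "seen" set: a repeated address
            // finds its flag already true and deployment reverts.
            // This costs one storage read per element instead of an
            // O(n^2) comparison of the input array against itself.
            if (whitelistedTokens[token]) revert ProxyFactory__DuplicateToken(token);
            whitelistedTokens[token] = true;
            unchecked {
                ++i;
            }
        }
    }
}
```

Deploying with `[tokenA, tokenB, tokenA]` reverts with `ProxyFactory__DuplicateToken(tokenA)`, while `[tokenA, tokenB]` deploys and marks both addresses as whitelisted.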
