DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Missing zero address check onlyValidBridge

Summary

Missing zero address check of modifier onlyValidBridge

Vulnerability Details

The 'onlyValidBridge' modifier currently lacks a verification process to confirm that the provided 'bridge' address is not a zero address.

Impact

While it may not directly lead to loss of funds or contract takeover like high severity vulnerabilities (e.g., reentrancy, overflow/underflow), it can still cause significant issues such as incorrect contract behavior, potential loss of funds due to incorrect asset management, and unexpected reverts, which can disrupt the normal operation of the contract and potentially lead to financial loss.

Tools Used

Manual

Recommendations

To resolve this issue, you should add a check in the 'onlyValidBridge' modifier to ensure that the 'bridge' address is not a zero address. This can be done by adding a condition that reverts the transaction if the 'bridge' address is equal to the zero address. Here is the updated code:

    modifier onlyValidBridge(address bridge) {
        require(bridge != address(0), "Bridge address cannot be 0");
        if (s.bridge[bridge].vault == 0) revert Errors.InvalidBridge();
        _;
    }

This will ensure that the 'bridge' address is always a valid Ethereum address and not the zero address, which is typically used to burn tokens or indicate an error.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
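
For readers who want to compare the two guards discussed in this submission, the contract below is an added example, not code from the DittoETH repository or from the submitter. Only onlyValidBridge, s.bridge, vault and Errors.InvalidBridge come from the page; the storage layout, the uint256 vault type, register and the other function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Everything except onlyValidBridge, s.bridge, vault and
// Errors.InvalidBridge is hypothetical and not taken from the DittoETH code base.
library Errors {
    error InvalidBridge();
}

contract BridgeGuardExample {
    struct Bridge {
        uint256 vault; // assumed type; 0 is read for any address never registered
    }
    struct AppStorage {
        mapping(address => Bridge) bridge;
    }
    AppStorage internal s;

    // Guard with only the vault lookup, as described in the finding.
    modifier onlyValidBridge(address bridge) {
        if (s.bridge[bridge].vault == 0) revert Errors.InvalidBridge();
        _;
    }

    // Guard with the explicit zero-address check recommended in the finding.
    modifier onlyValidBridgeChecked(address bridge) {
        require(bridge != address(0), "Bridge address cannot be 0");
        if (s.bridge[bridge].vault == 0) revert Errors.InvalidBridge();
        _;
    }

    // Hypothetical registration path (access control omitted for brevity).
    // Rejecting address(0) and vault 0 here keeps s.bridge[address(0)].vault at 0.
    function register(address bridge, uint256 vault) external {
        require(bridge != address(0) && vault != 0, "bad registration");
        s.bridge[bridge].vault = vault;
    }

    function useBridge(address bridge) external view onlyValidBridge(bridge) returns (uint256) {
        return s.bridge[bridge].vault;
    }

    function useBridgeChecked(address bridge) external view onlyValidBridgeChecked(bridge) returns (uint256) {
        return s.bridge[bridge].vault;
    }
}
```

In this example both useBridge(address(0)) and useBridgeChecked(address(0)) revert, the first with InvalidBridge() and the second with the string reason, because a mapping entry that was never written reads as zero. The two guards only behave differently if some registration path can store a non-zero vault under address(0), so that path is the place to review.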
