DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Lack of zero address checks

Summary

There are instances that take address inputs without validating that the address input is not address(0).

Vulnerability Details

Zero-address validation is missing in constructors, in functions that make low-level calls, and where critical address inputs or parameters are changed. Some examples are listed below; view them in the links provided.

  • BridgeReth.sol => constructor(IRocketStorage rocketStorageAddress, address diamondAddr)

  • BridgeReth.sol => function unstake(address to, uint256 amount) {...(bool sent,) = to.call{value: netBalance}("");}
    In the above case, if 'to' is mistakenly passed as address(0), the low-level call will still succeed, resulting in rETH being burned without the value being transferred to the intended address.

  • BridgeRouterFacet.sol => constructor(address _rethBridge, address _stethBridge) {...

  • OwnerFacet.sol => function transferAdminship(address newAdmin) {...
    The above leads to the admin being set to address(0), which can hinder functionality that relies on the admin if it is not noticed early and changed.

  • VaultFacet.sol => constructor(address _zeth) { carbonZeth = _zeth;}

Impact

Lack of these checks can lead to misconfigured settings, loss of value to address(0), inappropriate burning of tokens, loss of access control as seen in the examples above, and other unexpected behaviours.

Tools Used

Manual Analysis

Recommendations

It is recommended to enforce, wherever addresses are taken as inputs, that the zero address is not passed:

require(addressInput != address(0), "error message");

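The recommended check applied to the three patterns listed above (constructor, low-level value transfer, admin change), as an added example that is not DittoETH code. The contract name, function bodies, access-control modifier and error strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; names and layout are hypothetical and are not
// taken from the DittoETH code base.
contract ZeroAddressDemo {
    address public admin;

    constructor(address initialAdmin) {
        // A wrong constructor argument can only be fixed by redeploying.
        require(initialAdmin != address(0), "zero address: admin");
        admin = initialAdmin;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    receive() external payable {}

    // Unchecked pattern: address(0) has no code, so a call with empty
    // calldata returns sent == true and the ETH is unrecoverable. The
    // success check below does not catch the mistake.
    function unstakeUnchecked(address to, uint256 amount) external onlyAdmin {
        (bool sent,) = to.call{value: amount}("");
        require(sent, "transfer failed");
    }

    // Checked pattern: reject the zero address before any value moves.
    function unstakeChecked(address to, uint256 amount) external onlyAdmin {
        require(to != address(0), "zero address: to");
        (bool sent,) = to.call{value: amount}("");
        require(sent, "transfer failed");
    }

    // Without the check, passing address(0) here would leave every
    // onlyAdmin function permanently uncallable.
    function transferAdminship(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0), "zero address: newAdmin");
        admin = newAdmin;
    }
}
```
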
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Zero address checks
