Missing zero address check can set diamond to zero
Vulnerability Details
-
Vulnerability ID: M-01
-
Location: In
BridgeReth.sol:22, the contract sets thediamondvariable using the value passed in thediamondAddrparameter of the constructor. There is no check to ensure that thediamondAddris not the zero address.constructor(IRocketStorage rocketStorageAddress, address diamondAddr) {rocketStorage = IRocketStorage(rocketStorageAddress);diamond = diamondAddr;RETH_TYPEHASH = keccak256(abi.encodePacked("contract.address", "rocketTokenRETH"));ROCKET_DEPOSIT_POOL_TYPEHASH =keccak256(abi.encodePacked("contract.address", "rocketDepositPool"));}
Impact
The vulnerability poses a risk because if the zero address is accidentally passed as the diamondAddr when the contract is deployed, it could potentially lead to unintended behavior or exploitation.
Tools Used
Manual Review
Recommendations
-
Recommendation: Add a check within the constructor to revert the transaction if the zero address is passed as the
diamondAddr. The recommended implementation is:require(diamondAddr != address(0), "diamondAddr cannot be the zero address");
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.