DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: low
Invalid

[L-1] Lack of address(0) check when assigning address to state variables

Instances (8)

FILE: 2023-09-ditto/contracts/facets/BridgeRouterFacet.sol
constructor(address _rethBridge, address _stethBridge) {
    // + require(_rethBridge != address(0), "_rethBridge address cannot be 0");
    // + require(_stethBridge != address(0), "_stethBridge address cannot be 0");
    rethBridge = _rethBridge; // @audit add zero address check
    stethBridge = _stethBridge; // @audit add zero address check
}

BridgeRouterFacet.sol#L28-#L29

FILE: 2023-09-ditto/contracts/facets/ExitShortFacet.sol
constructor(address _cusd) {
    // + require(_cusd != address(0), "_cusd address cannot be 0");
    cusd = _cusd; // @audit add zero address check
}

ExitShortFacet.sol#L30

FILE: 2023-09-ditto/contracts/facets/MarginCallPrimaryFacet.sol
constructor(address _cusd) {
    // + require(_cusd != address(0), "_cusd address cannot be 0");
    cusd = _cusd; // @audit add zero address check
}

MarginCallPrimaryFacet.sol#L30

FILE: 2023-09-ditto/contracts/facets/ShortRecordFacet.sol
constructor(address _cusd) {
    // + require(_cusd != address(0), "_cusd address cannot be 0");
    cusd = _cusd; // @audit add zero address check
}

ShortRecordFacet.sol#L26

FILE: 2023-09-ditto/contracts/facets/VaultFacet.sol
constructor(address _zeth) {
    // + require(_zeth != address(0), "_zeth address cannot be 0");
    carbonZeth = _zeth; // @audit add zero address check
}

VaultFacet.sol#L27

FILE: 2023-09-ditto/contracts/facets/YieldFacet.sol
constructor(address _ditto) {
    // + require(_ditto != address(0), "_ditto address cannot be 0");
    DITTO = IAsset(_ditto); // @audit add zero address check
}

YieldFacet.sol#L31

FILE: 2023-09-ditto/contracts/tokens/Asset.sol
constructor(address diamondAddr, string memory name, string memory symbol)
    ERC20(name, symbol)
{
    // + require(diamondAddr != address(0), "diamondAddr address cannot be 0");
    diamond = diamondAddr; // @audit add zero address check
}

Asset.sol#L14

FILE: 2023-09-ditto/contracts/tokens/Ditto.sol
constructor(address diamondAddr) ERC20("Ditto", "DITTO") ERC20Permit("Ditto") {
    // + require(diamondAddr != address(0), "diamond address cannot be 0");
    diamond = diamondAddr; // @audit add zero address check
}

Ditto.sol#L16

This poses a single-point-of-failure risk for Ditto, since each of these state variables is set once and cannot be reset. Consider adding proper validation/checks for these critical changes. In the worst case, an accidental error in one of these immutable variable assignments would require the contracts to be redeployed.

Impact

Costly redeploy of contracts.

Tools Used

Manual review / VS Code

Recommendations

Consider adding proper validation/checks for these critical state variable assignments.
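
As an added example (not part of the submission or the Ditto code base), the same validation can also run before deployment, where a mistake costs nothing to correct. The Python script below checks a deployment plan for the constructor address parameters listed in the finding; the plan format, the name `check_plan` and the sample addresses are assumptions made for this example.

```python
import re

ZERO = "0x" + "00" * 20
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructor address parameters, as they appear in the finding above.
ADDRESS_PARAMS = {
    "BridgeRouterFacet": ["_rethBridge", "_stethBridge"],
    "ExitShortFacet": ["_cusd"],
    "MarginCallPrimaryFacet": ["_cusd"],
    "ShortRecordFacet": ["_cusd"],
    "VaultFacet": ["_zeth"],
    "YieldFacet": ["_ditto"],
    "Asset": ["diamondAddr"],
    "Ditto": ["diamondAddr"],
}

def check_plan(plan):
    """Return sorted (contract, param, problem) tuples for every bad argument."""
    findings = []
    for contract, params in ADDRESS_PARAMS.items():
        if contract not in plan:
            continue  # contract is not part of this deployment
        for param in params:
            value = plan[contract].get(param)
            if value is None:
                findings.append((contract, param, "missing"))
            elif not isinstance(value, str) or not ADDRESS_RE.fullmatch(value):
                findings.append((contract, param, "malformed"))
            elif int(value, 16) == 0:
                findings.append((contract, param, "zero address"))
    return sorted(findings)

# Constructed sample plan (hypothetical format); non-zero addresses are placeholders.
SAMPLE_PLAN = {
    "BridgeRouterFacet": {
        "_rethBridge": "0x1111111111111111111111111111111111111111",
        "_stethBridge": ZERO,
    },
    "ExitShortFacet": {"_cusd": "0x2222222222222222222222222222222222222222"},
    "VaultFacet": {"_zeth": "0x3333"},
    "Asset": {},
}

if __name__ == "__main__":
    for contract, param, problem in check_plan(SAMPLE_PLAN):
        print(f"{contract}.{param}: {problem}")
```

A non-empty result would block the deployment step; the on-chain `require` lines suggested above remain the only check that holds regardless of which tooling deploys the contracts.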

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Zero address checks
