DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

[L-3] Sanity Checks for critical parameters

Instances (2)

FILE: 2023-09-ditto/contracts/facets/OwnerFacet.sol
function transferOwnership(address newOwner) external onlyDAO {
    // + require(newOwner != address(0), "newOwner address cannot be 0");
    s.ownerCandidate = newOwner; // @audit add zero address check
    emit Events.NewOwnerCandidate(newOwner);
}

OwnerFacet.sol#L112

FILE: 2023-09-ditto/contracts/facets/OwnerFacet.sol
function transferAdminship(address newAdmin) external onlyAdminOrDAO {
    // + require(newAdmin != address(0), "newAdmin address cannot be 0");
    s.admin = newAdmin; // @audit add zero address check
    emit Events.NewAdmin(newAdmin);
}

OwnerFacet.sol#L125

Impact

In the absence of sanity checks, sensitive/critical parameters can be configured to invalid values, causing a variety of minor issues. For example, the zero address can be set as the new owner candidate; it can simply be re-assigned to a valid address, assuming the DAO/caller notices the mistake immediately rather than days later.

Tools Used

Manual review, VS Code

Recommendations

Consider adding zero address checks for these critical changes.
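
One way to look for this pattern across a codebase, as an added example (not part of the submission or of the DittoETH code): a small Python scan that lists functions storing an address parameter that is never compared to address(0). The sample input is constructed from the two functions quoted above; setGuarded is a hypothetical function added for contrast, and the regex parsing assumes no braces inside string literals.

```python
import re

# Constructed sample: the two functions quoted in this report (events omitted)
# plus setGuarded, a hypothetical guarded setter added for contrast.
SAMPLE = '''
function transferOwnership(address newOwner) external onlyDAO {
    // + require(newOwner != address(0), "newOwner address cannot be 0");
    s.ownerCandidate = newOwner;
}
function transferAdminship(address newAdmin) external onlyAdminOrDAO {
    s.admin = newAdmin;
}
function setGuarded(address newAdmin) external onlyDAO {
    require(newAdmin != address(0), "newAdmin address cannot be 0");
    s.admin = newAdmin;
}
'''

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def function_bodies(src):
    """Yield (name, params, body) per function, matching braces by depth."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), src[m.end():i - 1]

def address_params(params):
    """Names of parameters declared as address / address payable."""
    split = [p.split() for p in params.split(",")]
    return [s[-1] for s in split if len(s) >= 2 and s[0] == "address"]

def unchecked_address_setters(src):
    """Return (function, param) pairs where an address parameter is assigned
    to state and never compared against address(0) in the function body."""
    src = COMMENT_RE.sub("", src)  # a commented-out require is not a check
    findings = []
    for name, params, body in function_bodies(src):
        for p in address_params(params):
            store = re.search(rf"=\s*{re.escape(p)}\s*;", body)
            check = re.search(rf"\b{re.escape(p)}\s*[!=]=\s*address\(0\)", body)
            if store and not check:
                findings.append((name, p))
    return findings

if __name__ == "__main__":
    print(unchecked_address_setters(SAMPLE))
```

Comments are stripped before matching, so the suggested require that appears only as a comment in transferOwnership does not count as a check.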

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Zero address checks
