Submission Details
Severity:
Missing checks for `address(0)` when assigning values to address state variables
Summary
Vulnerability Details
Missing checks for address(0) when assigning values to address state variables
File: contracts/bridges/BridgeReth.sol
22: diamond = diamondAddr;
File: contracts/bridges/BridgeSteth.sol
24: diamond = diamondAddr;
File: contracts/facets/BridgeRouterFacet.sol
28: rethBridge = _rethBridge;
29: stethBridge = _stethBridge;
File: contracts/facets/ExitShortFacet.sol
30: cusd = _cusd;
File: contracts/facets/MarginCallPrimaryFacet.sol
30: cusd = _cusd;
File: contracts/facets/ShortRecordFacet.sol
26: cusd = _cusd;
File: contracts/facets/VaultFacet.sol
27: carbonZeth = _zeth;
File: contracts/tokens/Asset.sol
14: diamond = diamondAddr;
File: contracts/tokens/Ditto.sol
16: diamond = diamondAddr;
Impact
This could lead to financial losses as the contract would have to be deployed again or leads to token being lost when sent to address(0)
Tools Used
Manual
Recommendations
Check for address(0) before setting critical variables
Prize pool breakdown
Total prize
55,000 USDC
nSLOC
3,36516 USDC / LOC
50,000 USDC
5,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.