Submission Details
Severity:
Missing a check against `address(0)` in `GMXTrove`'s constructor
Summary
The constructor of GMXTrove needs to have a check against address(0) to avoid possible errors.
Vulnerability Details
When GMXTrove is deployed an address _vault is passed to its constructor. The current codebase does not check whether the passed _vault can be an address(0) or not.
constructor (address _vault) {
@> vault = IGMXVault(_vault);
GMXTypes.Store memory _store = vault.store();
// Set token approvals for this trove's vault contract
_store.tokenA.approve(address(vault), type(uint256).max);
_store.tokenB.approve(address(vault), type(uint256).max);
}
Impact
Funds could be permanently lost if sent to address(0) because lack of checking.
Tools Used
Manual Review
Recommendations
Add a check to make sure the value provided cannot be address(0).
constructor (address _vault) {
+ if (_vault == address(0)) revert Errors.ZeroAddressNotAllowed();
vault = IGMXVault(_vault);
GMXTypes.Store memory _store = vault.store();
// Set token approvals for this trove's vault contract
_store.tokenA.approve(address(vault), type(uint256).max);
_store.tokenB.approve(address(vault), type(uint256).max);
}
Prize pool breakdown
Total prize
35,000 USDC
nSLOC
2,28915 USDC / LOC
33,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.