stake.link

DeFiHardhatBridge
27,500 USDC
Submission Details
Severity: low
Invalid

Missing zero address validation in `RESDLTokenBridge` Constructor

Summary

The RESDLTokenBridge contract handles the transfer of reSDL NFTs between the primary and secondary chains. Its constructor does not check its address parameters against the zero address, so the contract can be deployed with unusable dependencies.

Vulnerability Details

The constructor of the RESDLTokenBridge contract performs no zero address checks on its input parameters (`_linkToken`, `_sdlToken`, `_sdlPool`, `_sdlPoolCCIPController`). A deployment with a zero or otherwise invalid address is therefore accepted silently, and every later call that touches the affected dependency will fail.

Code Snippet

```solidity
constructor(address _linkToken, address _sdlToken, address _sdlPool, address _sdlPoolCCIPController) {
    linkToken = IERC20(_linkToken);
    sdlToken = IERC20(_sdlToken);
    sdlPool = ISDLPool(_sdlPool);
    sdlPoolCCIPController = ISDLPoolCCIPController(_sdlPoolCCIPController);
}
```

Impact

If the constructor is called with zero or invalid addresses, the bridge is deployed in a non-functional state: calls into the LINK token, SDL token, SDL pool or CCIP controller would revert or behave unexpectedly, and the contract would have to be redeployed. This compromises the bridge's functionality and poses a risk to the security of the overall system.

Tools Used

Manual review.

Recommendations

Zero Address Validation: Add explicit zero address validation checks in the constructor for all input parameters to ensure that the contract is not initialized with invalid addresses.

```solidity
require(_linkToken != address(0), "Invalid LINK token address");
require(_sdlToken != address(0), "Invalid SDL token address");
require(_sdlPool != address(0), "Invalid SDL Pool address");
require(_sdlPoolCCIPController != address(0), "Invalid SDL Pool CCIP Controller address");
```

Input Validation Standardization: Consider implementing a standardized input validation approach across the contract to enhance overall security and reduce the risk of potential vulnerabilities.

It is recommended to address these issues promptly to enhance the security and reliability of the RESDLTokenBridge contract.
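The following is an added example (not the project's code) of the standardized validation approach recommended above: a single private helper validates every address the constructor receives and reverts with a custom error naming the offending parameter. The empty interface declarations are stubs so the file compiles stand-alone, and the contract and error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Stub interfaces (assumed) so this example compiles without the project's sources.
interface IERC20 {}
interface ISDLPool {}
interface ISDLPoolCCIPController {}

contract RESDLTokenBridgeHardened {
    // Custom error (hypothetical name): cheaper than a revert string and
    // tells the deployer exactly which parameter was zero.
    error ZeroAddress(string param);

    IERC20 public linkToken;
    IERC20 public sdlToken;
    ISDLPool public sdlPool;
    ISDLPoolCCIPController public sdlPoolCCIPController;

    // One shared check so every address input in the contract is validated
    // the same way; returns the address so it can be used inline.
    function _nonZero(address addr, string memory param) private pure returns (address) {
        if (addr == address(0)) revert ZeroAddress(param);
        return addr;
    }

    constructor(
        address _linkToken,
        address _sdlToken,
        address _sdlPool,
        address _sdlPoolCCIPController
    ) {
        linkToken = IERC20(_nonZero(_linkToken, "_linkToken"));
        sdlToken = IERC20(_nonZero(_sdlToken, "_sdlToken"));
        sdlPool = ISDLPool(_nonZero(_sdlPool, "_sdlPool"));
        sdlPoolCCIPController = ISDLPoolCCIPController(
            _nonZero(_sdlPoolCCIPController, "_sdlPoolCCIPController")
        );
    }
}
```

Deploying with any zero address now reverts with `ZeroAddress("<param>")` before storage is written, and the same helper can guard setter functions added later.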

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
