stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

No input validation to ensure that the provided address is a valid contract address in the `setRESDLTokenBridge`

0xVinylDavyl

Vulnerability Details

The setRESDLTokenBridge function in the SDLPoolCCIPController contract lacks input validation to ensure that the provided address is a valid contract address. This absence of validation can result in unexpected behavior if an invalid or zero address is set as the bridge address.

Code

// SPDX-License-Identifier: MIT

pragma solidity 0.8.15;

abstract contract SDLPoolCCIPController is Ownable {

// ...

/**

* @notice Sets the address of the reSDL token bridge

* @param _reSDLTokenBridge address of reSDL token bridge

**/

function setRESDLTokenBridge(address _reSDLTokenBridge) external onlyOwner {

reSDLTokenBridge = _reSDLTokenBridge;

}

// ...

}

In the contract, the setRESDLTokenBridge function simply assigns the provided address to the reSDLTokenBridge variable without checking if the address is valid or non-zero.

Recommendations

Implement input validation in the setRESDLTokenBridge function to ensure that the provided address is a valid and non-zero contract address.
A require statement to check that the provided address is not zero and is a valid contract address, the contract ensures that only legitimate and functional bridge addresses can be set. This helps prevent unexpected behavior caused by setting an invalid or zero address.

Sample

function setRESDLTokenBridge(address _reSDLTokenBridge) external onlyOwner {

// Ensure the provided address is a valid and non-zero contract address

require(_reSDLTokenBridge != address(0) && Address.isContract(_reSDLTokenBridge), "Invalid bridge address");

// Set the reSDLTokenBridge address

reSDLTokenBridge = _reSDLTokenBridge;

}

Updates

Lead Judging Commences

0kage Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.