stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

Missing zero address check in constructor

Summary:

Constructors often take address parameters to initialize important components of a contract, such as owner or linked contracts. However, without checking, there's a risk that an address parameter could be mistakenly set to the zero address (0x0). This could be due to an error or oversight during contract deployment. A zero address in a crucial role can cause serious issues, as it cannot perform actions like a normal address, and any funds sent to it will be irretrievable. It's therefore crucial to include a zero address check in constructors to prevent such potential problems. If a zero address is detected, the constructor should revert the transaction.

Vulnerability details

RESDLTokenBridge.sol (#L59-L64):

constructor(
    address _linkToken,
    address _sdlToken,
    address _sdlPool,
    address _sdlPoolCCIPController
) {

RewardsInitiator.sol (#L16):

constructor(address _stakingPool, address _sdlPoolCCIPController) {

SDLPoolCCIPController.sol (#L41-L47):

constructor(
    address _router,
    address _linkToken,
    address _sdlToken,
    address _sdlPool,
    uint256 _maxLINKFee
) CCIPReceiver(_router) {

SDLPoolCCIPControllerPrimary.sol (#L40-L46):

constructor(
    address _router,
    address _linkToken,
    address _sdlToken,
    address _sdlPool,
    uint256 _maxLINKFee
) SDLPoolCCIPController(_router, _linkToken, _sdlToken, _sdlPool, _maxLINKFee) {}

SDLPoolCCIPControllerSecondary.sol (#L38-L47):

constructor(
    address _router,
    address _linkToken,
    address _sdlToken,
    address _sdlPool,
    uint64 _primaryChainSelector,
    address _primaryChainDestination,
    uint256 _maxLINKFee,
    bytes memory _extraArgs
) SDLPoolCCIPController(_router, _linkToken, _sdlToken, _sdlPool, _maxLINKFee) {

WrappedTokenBridge.sol (#L60-L65):

constructor(
    address _router,
    address _linkToken,
    address _token,
    address _wrappedToken
) CCIPReceiver(_router) {

Tools Used

Manual Analysis
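
The manual review above can be turned into a repeatable check. The following is an added example, not part of the submission or the stake.link code base: a small Python scan that lists constructor `address` parameters never compared with `address(0)` in the constructor body. The two sample constructors reuse signatures quoted above, but their bodies and the `ZeroAddress` error are constructed for illustration.

```python
import re

# Constructed samples: the signatures follow constructors quoted above; the
# bodies and the ZeroAddress error are assumptions made for this example.
UNCHECKED = """
constructor(address _stakingPool, address _sdlPoolCCIPController) {
    stakingPool = _stakingPool;
    sdlPoolCCIPController = _sdlPoolCCIPController;
}
"""
PARTLY_CHECKED = """
constructor(
    address _router,
    address _linkToken,
    address _token,
    address _wrappedToken
) CCIPReceiver(_router) {
    if (_linkToken == address(0)) revert ZeroAddress();
    require(_token != address(0) && address(0) != _wrappedToken, "zero address");
}
"""

def block_body(src, start):
    """Return the text inside the first brace-delimited block at or after start."""
    open_idx = src.index("{", start)
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def unchecked_address_params(src):
    """Names of constructor address parameters never compared with address(0)."""
    missing = []
    for m in re.finditer(r"\bconstructor\s*\(([^)]*)\)", src):
        body = block_body(src, m.end())
        for param in m.group(1).split(","):
            parts = param.split()
            if len(parts) >= 2 and parts[0] == "address":
                name = re.escape(parts[-1])
                check = rf"(?<!\w){name}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{name}(?!\w)"
                if not re.search(check, body):
                    missing.append(parts[-1])
    return missing

print(unchecked_address_params(UNCHECKED), unchecked_address_params(PARTLY_CHECKED))
```

The scan only looks at the constructor's own body, so a parameter forwarded to a base constructor (such as `_router` here) may be validated there; treat each reported name as a prompt for review rather than a confirmed finding.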

Updates

Lead Judging Commences

0kage Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
