Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: medium
Invalid

Risk of deploying an address 0

Summary

Inside the mip-m17.sol file, we can see a function called _deploy.

It works by first deploying the MErc20DelegateFixer.sol contract and, after the deployment succeeds, adding the address of the newly created contract by using:

    addresses.addAddress(
        "MERC20_BAD_DEBT_DELEGATE_FIXER_LOGIC",
        mErc20DelegateFixerAddress
    );

The same process is repeated for MErc20DelegateMadFixer.sol too.

Vulnerability Details

The vulnerability can be found inside the addAddress function that is implemented inside Address.sol:

    function _addAddress(
        string memory name,
        address addr,
        uint256 _chainId
    ) private {
        address currentAddress = _addresses[name][_chainId];

        require(
            currentAddress == address(0),
            string(
                abi.encodePacked(
                    "Address: ",
                    name,
                    " already set on chain: ",
                    _chainId.toString()
                )
            )
        );

        _addresses[name][_chainId] = addr;
        vm.label(addr, name);
    }

We can see from the function that it doesn't prevent adding address 0 as a parameter when calling the method.

Impact

I would classify this as a medium error, because it is not so likely for the deployment of MErc20DelegateFixer.sol and MErc20DelegateMadFixer.sol to fail, but if it happens silently in the background it will break the deployment, because it will pass address 0 to addAddress.

Tools Used

Manual finding

Recommendations

You can check whether the addresses mErc20DelegateFixerAddress and mErc20DelegateMadFixerAddress are != address 0 before adding them to the function call.
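The check recommended above, placed inside the registry rather than at each call site, as an added example that is not part of the original submission or of Moonwell's code. The contract, function and error names are hypothetical, and the code-length check goes one step beyond the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration: a minimal registry shaped like the quoted _addAddress,
/// without the forge-std (vm.label) and string-helper dependencies.
/// All names in this contract are hypothetical.
contract AddressRegistrySketch {
    // name => chainId => address, the same layout the quoted function uses
    mapping(string => mapping(uint256 => address)) private _addresses;

    error ZeroAddress(string name, uint256 chainId);
    error NoCodeAtAddress(string name, address addr);
    error AlreadySet(string name, uint256 chainId, address current);

    /// Register a deployed contract for the current chain.
    function addDeployedContract(string memory name, address addr) public {
        // Stricter than the recommendation: a logic contract that was really
        // deployed must have runtime code at its address.
        if (addr != address(0) && addr.code.length == 0) {
            revert NoCodeAtAddress(name, addr);
        }
        _addAddress(name, addr, block.chainid);
    }

    function _addAddress(
        string memory name,
        address addr,
        uint256 chainId
    ) private {
        // The quoted function treats address(0) as "not set". Storing
        // address(0) would therefore leave the slot looking empty, and a
        // later add for the same name would pass the "already set" check.
        // Rejecting the zero address keeps that sentinel unambiguous.
        if (addr == address(0)) revert ZeroAddress(name, chainId);

        address current = _addresses[name][chainId];
        if (current != address(0)) revert AlreadySet(name, chainId, current);

        _addresses[name][chainId] = addr;
    }
}
```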

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
