Description: Certain functions fail to validate incoming arguments, so callers can accidentally set important state variables, such as recipients and the admin in Adminable::transferAdmin, to the zero address. In ISablierV2LockupTranched.sol, the requirements for createWithTimestamps() and createWithDurations() state that "params.recipient must not be the zero address," but there are no zero address checks. More functions in v2-core and v2-periphery also need to check whether a value is the zero address.
Impact:
Callers can accidentally set important parameters to the zero address or a zero value.
The current admin transfer process involves the admin calling Adminable::transferAdmin(). This function doesn't check that the new admin is not the zero address, and it proceeds to write the new admin address into the admin state variable.
If the nominated EOA account is not a valid account, it is entirely possible the admin may accidentally transfer the admin role to an uncontrolled account, breaking all functions with the onlyAdmin() modifier.
Recommended Mitigation:
Add zero address checks, such as require() or if() statements, on all function arguments to ensure that users cannot accidentally set incorrect values.
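The recommended check, shown beside the unchecked form the finding describes. This is an added example, not Sablier's Adminable source: the contract name AdminableSketch, the function transferAdminUnchecked, and the errors CallerNotAdmin and ZeroAddress are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration: a simplified admin contract, not the project's own code.
/// Contract, error and function names below are hypothetical.
contract AdminableSketch {
    address public admin;

    error CallerNotAdmin(address caller);
    error ZeroAddress();

    event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert CallerNotAdmin(msg.sender);
        _;
    }

    constructor(address initialAdmin) {
        // Validate at construction too, so the contract never starts without an admin.
        if (initialAdmin == address(0)) revert ZeroAddress();
        admin = initialAdmin;
        emit TransferAdmin(address(0), initialAdmin);
    }

    /// Unchecked form described in the finding: any value, including
    /// address(0), is written to `admin`. After that, msg.sender can never
    /// equal `admin`, so every onlyAdmin function reverts permanently.
    function transferAdminUnchecked(address newAdmin) external onlyAdmin {
        admin = newAdmin;
        emit TransferAdmin(msg.sender, newAdmin);
    }

    /// Checked form: reject the zero address before touching state.
    function transferAdmin(address newAdmin) external onlyAdmin {
        if (newAdmin == address(0)) revert ZeroAddress();
        admin = newAdmin;
        emit TransferAdmin(msg.sender, newAdmin);
    }
}
```

The same guard applies to params.recipient in the create functions. It only rejects address(0); it does not detect a mistyped non-zero address.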
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity