Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Missing Zero Address Check in Constructor

Description:
The constructor does not check if the initialAdmin and initialNFTDescriptor addresses are zero addresses.

Impact:
If zero addresses are passed as parameters, the contract could end up with invalid addresses for admin and NFT descriptor, leading to loss of functionality.

Proof of Concept:
The constructor does not validate the addresses:

constructor(
    address initialAdmin,
    ISablierV2NFTDescriptor initialNFTDescriptor,
    uint256 maxSegmentCount
)

Recommended Mitigation:
Add checks to ensure the addresses are not zero.

constructor(
address initialAdmin,
ISablierV2NFTDescriptor initialNFTDescriptor,
uint256 maxSegmentCount
)
ERC721("Sablier V2 Lockup Dynamic NFT", "SAB-V2-LOCKUP-DYN")
SablierV2Lockup(initialAdmin, initialNFTDescriptor)
{
+ require(initialAdmin != address(0), "Invalid admin address");
+ require(address(initialNFTDescriptor) != address(0), "Invalid NFT descriptor address");
MAX_SEGMENT_COUNT = maxSegmentCount;
nextStreamId = 1;
}
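
Review bot: the two added require checks sit in the derived constructor body, but initialAdmin and initialNFTDescriptor have already been passed to the base constructor on the line SablierV2Lockup(initialAdmin, initialNFTDescriptor), which runs before this body. The deployment still reverts as a whole, so the checks do take effect, but validating inside the base constructor would reject the values where they are consumed and would cover any other contract that inherits from it. Note also that maxSegmentCount is written to MAX_SEGMENT_COUNT with no validation; if a zero value is not meaningful for it, the patch should say why it is left unchecked or give it the same treatment.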
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
