Submission Details
Severity:
Missing zero address check
Summary
L-2: Missing checks for address(0) when assigning values to address state variables
Vulnerability Details
-
Found in src/abstracts/Adminable.sol Line: 36
admin = newAdmin; -
Found in src/abstracts/SablierV2Lockup.sol Line: 55
admin = initialAdmin; -
Found in src/abstracts/SablierV2Lockup.sol Line: 56
nftDescriptor = initialNFTDescriptor; -
Found in src/abstracts/SablierV2Lockup.sol Line: 318
nftDescriptor = newNFTDescriptor;
This can be tested by applying the following fuzz test.
function testTransferAdminZeroAddress() public {
address zeroAddress = address(0);
vm.startPrank(admin);
adminable.transferAdmin(zeroAddress);
assertEq(adminable.admin(), zeroAddress);
}
Impact
Low
Tools Used
Aderyn + Manual Review
Recommendations
Check for address(0) when assigning values to address state variables.
function transferAdmin(address newAdmin) public virtual override onlyAdmin {
require(newAdmin != address(0), "Admin address cannot be 0!");
// Effect: update the admin.
admin = newAdmin;
// Log the transfer of the admin.
emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Total prize
53,440 USDC
nSLOC
2,65520 USDC / LOC
45,000 USDC
3,100 USDC
5,340 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.