Submission Details
Severity:
In `Adminable::transferAdmin` function `newAdmin` must be checked for address(0) before updating.
Vulnerability Details
Since if admin once set at zero then admin can not be changed since only current admin can change it and it is set to zero. So to avoid this situation when admin is getting updated, we must ensure that admin must not be set at zero by placing the address(0) check before setting admin.
File : src/abstracts/Adminable.sol
function transferAdmin(address newAdmin) public virtual override onlyAdmin {
// Effect: update the admin.
admin = newAdmin;
// Log the transfer of the admin.
emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}
https://github.com/Cyfrin/2024-05-Sablier/blob/main/v2-core/src/abstracts/Adminable.sol#L34-L40
Recommendation
Check newAdmin param for address(0) check before updating the admin with it.
File : src/abstracts/Adminable.sol
function transferAdmin(address newAdmin) public virtual override onlyAdmin {
+ if(newAdmin == address(0)) revert();
// Effect: update the admin.
admin = newAdmin;
// Log the transfer of the admin.
emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Total prize
53,440 USDC
nSLOC
2,65520 USDC / LOC
45,000 USDC
3,100 USDC
5,340 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.