DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: low
Invalid

Missing Zero Address Check in ShipmentPlanner.sol

Summary

The ShipmentPlanner.sol contract in the Beanstalk project lacks a check for the zero address for the beanstalkAddress parameter in the constructor function. This can lead to errors if beanstalkAddress is the zero address, causing transactions to revert when calling other functions in the contract.

Vulnerability Details

The ShipmentPlanner.sol contract uses a beanstalk variable of type IBeanstalk to interact with the main Beanstalk contract. This variable is initialized in the constructor with the beanstalkAddress that is passed in. However, the constructor does not check if beanstalkAddress is the zero address.

    constructor(address beanstalkAddress) {
        beanstalk = IBeanstalk(beanstalkAddress);
    }

If beanstalkAddress is the zero address, the beanstalk variable will point to a non-existent contract. When other functions in ShipmentPlanner.sol (such as getBarnPlan and getFieldPlan) call functions of beanstalk, the transaction will revert with an error "call to non-contract".

Impact

If a user calls the getBarnPlan or getFieldPlan functions after the ShipmentPlanner.sol contract is initialized with beanstalkAddress as the zero address, the transaction will revert, causing the user to waste gas.

Tools Used

Manual Code Review

Recommendations

A require check should be added to the constructor to ensure that beanstalkAddress is not the zero address:

    constructor(address beanstalkAddress) {
        require(beanstalkAddress != address(0), "Invalid Beanstalk address"); // Add check
        beanstalk = IBeanstalk(beanstalkAddress);
    }
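
Added example, not part of the submission or of Beanstalk's code: the constructor from the report beside a variant that rejects the zero address and also any address without deployed code, since both fail at call time in the same way. IBeanstalkLike, exampleView, plan and the two contract names are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the project's IBeanstalk interface; the
// function below is an assumption, not part of the real interface.
interface IBeanstalkLike {
    function exampleView() external view returns (uint256);
}

// Constructor as shown in the submission: any address is accepted.
contract UncheckedPlanner {
    IBeanstalkLike public immutable beanstalk;

    constructor(address beanstalkAddress) {
        beanstalk = IBeanstalkLike(beanstalkAddress);
    }

    // Reverts at call time when the target has no deployed code,
    // which includes address(0).
    function plan() external view returns (uint256) {
        return beanstalk.exampleView();
    }
}

// Hardened variant: a bad address fails the deployment itself.
contract CheckedPlanner {
    error ZeroAddress();
    error NotAContract(address target);

    IBeanstalkLike public immutable beanstalk;

    constructor(address beanstalkAddress) {
        if (beanstalkAddress == address(0)) revert ZeroAddress();
        // An externally owned or mistyped address also has no code.
        if (beanstalkAddress.code.length == 0) revert NotAContract(beanstalkAddress);
        beanstalk = IBeanstalkLike(beanstalkAddress);
    }

    function plan() external view returns (uint256) {
        return beanstalk.exampleView();
    }
}
```

The code-length check requires the target contract to be deployed before the planner; an address whose constructor is still running reports a code length of zero.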
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
