The setStarklaneL2Address function in the State.sol contract allows setting the Starklane L2 address to zero. This can lead to unexpected behavior or failures in functionalities relying on this address.
The setStarklaneL2Address function does not currently prevent setting the Starklane L2 address to zero. This omission can cause disruptions in contract operations that depend on this address.
Steps to Reproduce
Deploy the StarklaneState contract.
Call the setStarklaneL2Address function with a zero address (0x0000000000000000000000000000000000000000).
Expected Behavior:
The function should revert with an appropriate error message when attempting to set the address to zero.
Actual Behavior:
The function allows setting the address to zero, which may cause failures or unintended behavior in contract operations relying on this address.
The contract relies on a valid Starklane L2 address for various operations. Setting it to zero can disrupt the intended functionality and lead to failures in cross-layer communication. Operations depending on the Starklane L2 address might fail or behave unpredictably if they encounter a zero address, leading to potential loss of service or data.
Manual code review
Add a validation check, that is, a require statement, to check that the address is not zero before updating the state variable.
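The recommended check, shown beside the unchecked behaviour described above. This is an added example, not the project's State.sol: the contract name StarklaneStateSketch, the uint256 storage type, the owner-only restriction, the event, the getter and the revert strings are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical stand-in for the bridge state contract (not the project's code).
contract StarklaneStateSketch {
    // Assumption: the setter is restricted to a single owner account.
    address private immutable _owner;

    // Assumption: the Starklane L2 address is stored as a uint256.
    uint256 private _starklaneL2Address;

    event StarklaneL2AddressSet(uint256 l2Address);

    constructor() {
        _owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == _owner, "caller is not the owner");
        _;
    }

    /// Behaviour described in the finding: zero is written to storage
    /// without complaint, so later readers see an unset L2 address.
    function setStarklaneL2AddressUnchecked(uint256 l2Address) external onlyOwner {
        _starklaneL2Address = l2Address;
    }

    /// Recommended form: reject zero before the state variable is updated,
    /// so the call reverts and the previous value stays in place.
    function setStarklaneL2Address(uint256 l2Address) external onlyOwner {
        require(l2Address != 0, "Starklane L2 address is zero");
        _starklaneL2Address = l2Address;
        emit StarklaneL2AddressSet(l2Address);
    }

    /// Getter so a test or an off-chain monitor can confirm the stored value.
    function starklaneL2Address() external view returns (uint256) {
        return _starklaneL2Address;
    }
}
```

Because the require runs before the assignment, a zero argument leaves the previously configured address untouched, and the emitted event gives operators a record of every successful change.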
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.