NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

[Informational] Missing zero checks in the constructor of `bridge.cairo` contract

Summary

The constructor function in bridge.cairo initializes the contract state, setting up essential addresses and configuration parameters. It ensures that the contract is correctly set up with administrative and bridge addresses, along with class hash information for ERC721 tokens. However, there is no zero-address check on the addresses passed in.

Issues Identified:

Zero Address Check: The bridge_admin address is not validated for a zero address. Using a zero address could lead to security risks or functionality issues.
Bridge Address Check: The bridge_l1_address should be validated to ensure it is not zero to prevent potential misconfigurations or misuse.

Impact

Severity: Informational

Zero Address Risk: If bridge_admin or bridge_l1_address is a zero address, it could result in:

Loss of control over administrative functions.
Inability to properly route bridge transactions.
Potential security vulnerabilities if functions relying on these addresses are not safeguarded.
Contract Misconfiguration: Initializing with a zero address could lead to malfunctioning of contract operations, including the ERC721 bridging functionality, potentially impacting the entire bridge operation.

Recommendations

Add Zero Address Checks:

// The `Zero` trait gives ContractAddress and EthAddress an `is_zero()` method.
use core::num::traits::Zero;

assert!(!bridge_admin.is_zero(), "bridge_admin cannot be zero address");
assert!(!bridge_l1_address.is_zero(), "bridge_l1_address cannot be zero address");
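For context, here is a minimal Starknet contract (an added illustration written for this page, not the project's bridge.cairo) showing where the recommended checks sit in a constructor so that no storage is written when a zero admin or zero L1 address is supplied. The contract name, storage layout and interface are assumptions, and the storage imports assume Cairo 2.7 or later.

```cairo
use starknet::{ContractAddress, EthAddress};

// Hypothetical read-only interface so deployers can verify what was stored.
#[starknet::interface]
trait IBridge<TContractState> {
    fn bridge_admin(self: @TContractState) -> ContractAddress;
    fn bridge_l1_address(self: @TContractState) -> EthAddress;
}

#[starknet::contract]
mod Bridge {
    use core::num::traits::Zero;
    use starknet::{ContractAddress, EthAddress};
    use starknet::storage::{StoragePointerReadAccess, StoragePointerWriteAccess};

    #[storage]
    struct Storage {
        bridge_admin: ContractAddress,
        bridge_l1_address: EthAddress,
    }

    #[constructor]
    fn constructor(
        ref self: ContractState,
        bridge_admin: ContractAddress,
        bridge_l1_address: EthAddress,
    ) {
        // Fail the deployment before any state is written: a zero admin would
        // leave admin-only functions unreachable, and a zero L1 address would
        // misroute every bridge message.
        assert!(!bridge_admin.is_zero(), "bridge_admin cannot be zero address");
        assert!(!bridge_l1_address.is_zero(), "bridge_l1_address cannot be zero address");

        self.bridge_admin.write(bridge_admin);
        self.bridge_l1_address.write(bridge_l1_address);
    }

    #[abi(embed_v0)]
    impl BridgeImpl of super::IBridge<ContractState> {
        fn bridge_admin(self: @ContractState) -> ContractAddress {
            self.bridge_admin.read()
        }
        fn bridge_l1_address(self: @ContractState) -> EthAddress {
            self.bridge_l1_address.read()
        }
    }
}
```

Because the assertions run inside the constructor, a deployment with a zero parameter reverts rather than producing a live but unusable contract, which is the failure mode the finding describes.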
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.
