Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Zero Address Check in `GlobalConfigurationBranch.sol::initialize` Function

animeconsumer27

Summary:

The initialize function in the given smart contract lacks a zero address check for the tradingAccountToken and usdToken parameters. Without this check, the function could be called with one or both of these parameters set to the zero address (0x0000000000000000000000000000000000000000), which can lead to unintended behavior or vulnerabilities in the contract.

Impact:

TradingAccountToken and usdToken Malfunction: If either tradingAccountToken or usdToken is set to the zero address, any operations involving these tokens may fail, leading to unexpected behavior and potential loss of funds.

Tools Used: Manual review

Recommendations: To prevent this issue, it is recommended to add zero address checks for the tradingAccountToken and usdToken parameters in the initialize function

function initialize(address tradingAccountToken, address usdToken) external initializer {
+ if (usdToken == address(0)) {
+ revert Errors.ZeroInput("usdToken");
+ }
+ if (tradingAccountToken == address(0)) {
+ revert Errors.ZeroInput("tradingAccountToken");
+ }
GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
globalConfiguration.tradingAccountToken = tradingAccountToken;
globalConfiguration.usdToken = usdToken;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.