The setForwarder function in the BaseKeeper contract lacks a check to ensure the provided forwarder address is not the zero address. This can potentially lead to a denial-of-service (DoS) condition due to the onlyForwarder modifier, which restricts function execution to the forwarder address.
The setForwarder function is designed to update the forwarder address, which is used to restrict access to certain functions via the onlyForwarder modifier. However, the function does not check if the provided forwarder address is the zero address. If the zero address is set as the forwarder, any function protected by the onlyForwarder modifier will become unusable, as no transaction can originate from the zero address, effectively causing a denial-of-service (DoS).
The absence of a zero address check in the setForwarder function can lead to a denial-of-service (DoS) attack. Specifically, if the zero address is set as the forwarder, any function using the onlyForwarder modifier will become inaccessible. This can hinder the functionality of the BaseKeeper contract and any derived contracts relying on this mechanism.
Manual Review
To mitigate this vulnerability, add a check in the setForwarder function to ensure the provided forwarder address is not the zero address.
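A sketch of the recommended check, added here as an illustration and not taken from the audited BaseKeeper source. The contract name, storage layout, owner gating, error and event names, and the executeFromForwarder entry point are all assumptions; only setForwarder and onlyForwarder come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: everything except the names setForwarder and
// onlyForwarder is assumed, not copied from the audited contract.
abstract contract BaseKeeperSketch {
    address public owner;
    address public forwarder;

    error ZeroAddress();
    error NotOwner();
    error NotForwarder();

    event ForwarderUpdated(address indexed previous, address indexed current);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // If forwarder == address(0), this comparison can never succeed for a
    // real transaction, so every function using the modifier is locked.
    modifier onlyForwarder() {
        if (msg.sender != forwarder) revert NotForwarder();
        _;
    }

    function setForwarder(address newForwarder) external onlyOwner {
        // The check the finding asks for: reject the zero address up front.
        if (newForwarder == address(0)) revert ZeroAddress();
        emit ForwarderUpdated(forwarder, newForwarder);
        forwarder = newForwarder;
    }

    // Hypothetical forwarder-gated entry point used to show the modifier.
    function executeFromForwarder(bytes calldata data) external onlyForwarder {
        _execute(data);
    }

    function _execute(bytes calldata data) internal virtual;
}
```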