Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing address(0) check in `FjordStaking::addAuthorizedSablierSender`

spomaria

Summary

The FjordStaking::addAuthorizedSablierSender sets an address as an authorized sablier sender.

Vulnerability Details

The FjordStaking::addAuthorizedSablierSender lacks address(0) check such that any address can be set as an authorized sablier sender. This implies that even address(0) can be set as an authorized salier sender as seen below and demonstrated in the Proof of Code.

function addAuthorizedSablierSender(address _address) external onlyOwner {

authorizedSablierSenders[_address] = true;

}

Here is the link to the above code snippet https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L357-L359

Impact

Because of the missing address(0) check, the address(0) can be set as an authorized sablier sender.

Tools Used

Manual Review

Foundry

Proof of Concept:

Call the FjordStaking::addAuthorizedSablierSender function parsing address(0) as the argument
check if address(0) is an authorized sablier sender to confirm that this is indeed true.

PoC

Place the following code into `bothUnstake.t.sol`.

function test_CanSetAddress0AsAuthorizedSablierSender() public {

address _addressZero = address(0);

address owner = fjordStaking.owner();

vm.prank(owner);

fjordStaking.addAuthorizedSablierSender(_addressZero);

assertEq(fjordStaking.authorizedSablierSenders(_addressZero), true);

}

Run the following command: forge test --match-test test_CanSetAddress0AsAuthorizedSablierSender

Output:

Ran 1 test for test/integration/bothUnstake.t.sol:BotUnstakeScenarios

[PASS] test_CanSetAddress0AsAuthorizedSablierSender() (gas: 35347)

Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.18s (15.00ms CPU time)

Ran 1 test suite in 1.31s (1.18s CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Recommendations

Add a zero address check to the FjordStaking::addAuthorizedSablierSender function as follows:

function addAuthorizedSablierSender(address _address) external onlyOwner {

+ if (_address == address(0)) revert InvalidZeroAddress();

authorizedSablierSenders[_address] = true;

}

This way, the address(0) can not be set as an authorized sablier sender.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.