Fjord Token Staking

Summary

The constructor's OR (||) condition for address validation can inadvertently allow zero addresses for critical variables, such as fjordToken, impacting contract functionality due to misconfiguration.

Vulnerability Details

During the contract's deployment, the constructor checks if any of the provided addresses are zero using an OR condition. This logic is intended to ensure that all critical addresses are valid. However, the OR condition only requires one of the conditions to be true for the entire expression to pass, meaning that if any one of the addresses is valid, the check can be bypassed, allowing other addresses to be set to zero. This is problematic for the fjordToken variable, as its immutability prevents any post-deployment correction, potentially rendering the contract unable to interact with the FJORD token.

Impact

If the contract is initialized with a zero address for fjordToken, the contract will be unable to perform essential operations such as staking, unstaking, and reward distribution. This misconfiguration can lead to a complete halt in contract functionality, affecting all users and stakeholders relying on the contract's operations.

Tools Used

Manual

Recommendations

To prevent this issue, replace the OR condition with an AND condition to ensure all addresses are checked individually. This will prevent any zero address from being set during initialization, maintaining the contract's integrity and functionality.