Summary
The address setters do not check whether the new address equals the current one before writing it.
Vulnerability Details
    function setOwner(address _newOwner) external onlyOwner {
        if (_newOwner == address(0)) revert InvalidZeroAddress();
        owner = _newOwner;
    }

    function setRewardAdmin(address _rewardAdmin) external onlyOwner {
        if (_rewardAdmin == address(0)) revert InvalidZeroAddress();
        rewardAdmin = _rewardAdmin;
    }

    function addAuthorizedSablierSender(address _address) external onlyOwner {
        authorizedSablierSenders[_address] = true;
    }
https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L347C5-L359C6
In the provided functions setOwner, setRewardAdmin, and addAuthorizedSablierSender, there is no check to determine whether the new address is the same as the current address (or, for addAuthorizedSablierSender, whether the address is already authorized).
Impact
If a function is called with the same address that is already set, it will still execute the state change operation, consuming gas unnecessarily.
Tools Used
Manual review
Recommendations
Implement a check in each function to compare the new address with the current address before proceeding with the state change. For example:
    // NoChangeInAddress and AlreadyAuthorized are new custom errors,
    // assumed to be declared alongside InvalidZeroAddress.
    function setOwner(address _newOwner) external onlyOwner {
        if (_newOwner == address(0)) revert InvalidZeroAddress();
        // Reject a call that would leave owner unchanged.
        if (_newOwner == owner) revert NoChangeInAddress();
        owner = _newOwner;
    }

    function setRewardAdmin(address _rewardAdmin) external onlyOwner {
        if (_rewardAdmin == address(0)) revert InvalidZeroAddress();
        // Reject a call that would leave rewardAdmin unchanged.
        if (_rewardAdmin == rewardAdmin) revert NoChangeInAddress();
        rewardAdmin = _rewardAdmin;
    }

    function addAuthorizedSablierSender(address _address) external onlyOwner {
        // Reject an address that is already authorized.
        if (authorizedSablierSenders[_address]) revert AlreadyAuthorized();
        authorizedSablierSenders[_address] = true;
    }
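
To put a number on the redundant write described under Impact and on the guard recommended above, the following added example (not part of the original report or of the Fjord code base) models storage gas only, using the EIP-2929 cost schedule. The function names, the sample values and the warm_on_entry parameter are assumptions made for illustration; refunds and non-storage opcodes are ignored.

```python
# Added example: storage-gas model for the setters above (EIP-2929 schedule).
# Models SLOAD/SSTORE only; refunds, calldata and other opcodes are ignored.
COLD_SLOAD = 2100      # surcharge for the first touch of a slot in a transaction
WARM_READ = 100        # SLOAD of a warm slot, or a no-op / dirty-slot SSTORE
SSTORE_SET = 20000     # zero -> non-zero on a clean slot
SSTORE_RESET = 2900    # non-zero -> any other value on a clean slot


def sload_gas(warm):
    return WARM_READ if warm else COLD_SLOAD


def sstore_gas(original, current, new, warm):
    """original = value at transaction start, current = value right now."""
    gas = 0 if warm else COLD_SLOAD
    if new == current:            # redundant write: the case in this finding
        return gas + WARM_READ
    if original == current:       # slot not yet modified in this transaction
        return gas + (SSTORE_SET if original == 0 else SSTORE_RESET)
    return gas + WARM_READ        # slot already dirty


def setter_storage_gas(current, new, guarded, warm_on_entry=False):
    """Return (storage_gas, reverted) for one call to a setter.

    guarded=True models the recommended `if (new == current) revert` check.
    warm_on_entry=True is an assumption: something earlier in the call
    (for example a modifier) has already read the slot.
    """
    gas, warm = 0, warm_on_entry
    if guarded:
        gas += sload_gas(warm)    # the comparison has to read the slot
        warm = True
        if new == current:
            return gas, True      # revert before the write
    gas += sstore_gas(current, current, new, warm)
    return gas, False


if __name__ == "__main__":
    A, B = 0xA11CE, 0xB0B         # constructed sample addresses
    for guarded in (False, True):
        for new in (A, B):
            print(guarded, hex(new), setter_storage_gas(A, new, guarded))
```

For a slot that is cold on entry, the model gives 2,200 gas for the redundant write without the guard and 2,100 with it, while a call that really changes the address costs 5,000 in both variants.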