Tadle
DeFiFoundry
27,750 USDC
Submission Details
Severity: high
Invalid

Missing zero address validation upon setting guardian address

Summary

The constructor in `TadleFactory.sol` sets the guardian address without zero address validation, and the contract has no mechanism to update the guardian address in the future.

Vulnerability Details

In the constructor, the guardian address is set directly without any checks to ensure it is a valid, non-zero address. Additionally, there is no mechanism in place to update the guardian address after the contract has been deployed.

```solidity
constructor(address _guardian) {
    guardian = _guardian; //@audit
}
```

Affected LoC:

Impact

If the constructor is called with a zero address as the guardian, the contract will be left with an invalid guardian, preventing any authorized user from calling the `deployUpgradeableProxy` function. This would hinder the deployment of upgradeable proxies, as no valid guardian would exist to perform this critical action.

Tools Used

Manual

Recommendations

To mitigate this issue, it is essential to include a validation check in the constructor to ensure that the guardian address is not set to the zero address.

```solidity
constructor(address _guardian) {
    require(_guardian != address(0), "Guardian address cannot be zero");
    guardian = _guardian;
}
```

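A sketch of the recommended constructor check combined with a two-step guardian handover, which covers the missing update mechanism noted under Vulnerability Details. This is an added example, not code from the submission or from the Tadle code base; the contract name `GuardedFactory`, `pendingGuardian`, the custom errors, the events and both handover functions are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative sketch only: GuardedFactory and every member except
/// `guardian` are hypothetical names, not taken from TadleFactory.sol.
contract GuardedFactory {
    address public guardian;
    address public pendingGuardian;

    error ZeroAddress();
    error NotGuardian(address caller);
    error NotPendingGuardian(address caller);

    event GuardianTransferStarted(address indexed current, address indexed proposed);
    event GuardianTransferred(address indexed previous, address indexed current);

    modifier onlyGuardian() {
        if (msg.sender != guardian) revert NotGuardian(msg.sender);
        _;
    }

    constructor(address _guardian) {
        // Reject the zero address at deployment so guardian-only
        // functions are never left without a caller that can reach them.
        if (_guardian == address(0)) revert ZeroAddress();
        guardian = _guardian;
        emit GuardianTransferred(address(0), _guardian);
    }

    /// Step 1: the current guardian nominates a successor.
    function proposeGuardian(address _next) external onlyGuardian {
        if (_next == address(0)) revert ZeroAddress();
        pendingGuardian = _next;
        emit GuardianTransferStarted(guardian, _next);
    }

    /// Step 2: the nominee accepts, proving it controls the new address.
    function acceptGuardian() external {
        // pendingGuardian is zero when no handover is in progress, and
        // msg.sender is never zero, so this also blocks stray calls.
        if (msg.sender != pendingGuardian) revert NotPendingGuardian(msg.sender);
        emit GuardianTransferred(guardian, msg.sender);
        guardian = msg.sender;
        pendingGuardian = address(0);
    }
}
```

The accept step means a mistyped successor address cannot take over the role, because the role only moves once the new address itself sends a transaction.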
Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue