Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Missing `address(0)` checks

Summary

Missing address(0) checks in the initialize() functions.

Vulnerability Details

The initialize() functions do not check that the addresses passed in are valid. It’s good practice to add require checks to ensure that addresses are not the zero address (address(0)).

Impact

Attackers or malicious actors could try to initialize the contract with zero addresses if such checks are not present, potentially leading to denial of service or contract misconfiguration.

Tools Used

Manual review

Recommendations

Add require statements for each of the addresses to ensure they are valid and not the zero address.
For example, add address(0) checks in the PriorityPool::initialize function:

function initialize(
address _token,
address _stakingPool,
address _sdlPool,
uint128 _queueDepositMin,
uint128 _queueDepositMax
) public initializer {
__UUPSUpgradeable_init();
__Ownable_init();
__Pausable_init();
+ require(_token != address(0), "Invalid token address");
+ require(_stakingPool != address(0), "Invalid staking pool address");
+ require(_sdlPool != address(0), "Invalid SDL pool address");
token = IERC20Upgradeable(_token);
stakingPool = IStakingPool(_stakingPool);
sdlPool = ISDLPool(_sdlPool);
queueDepositMin = _queueDepositMin;
queueDepositMax = _queueDepositMax;
accounts.push(address(0));
token.safeIncreaseAllowance(_stakingPool, type(uint256).max);
}
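
Review bot: The three added `require` lines validate only the address parameters, while `_queueDepositMin` and `_queueDepositMax` are still stored unchecked; if the minimum is expected not to exceed the maximum, a bounds check belongs alongside them so that input validation in this function is complete. The checks also sit after the `__UUPSUpgradeable_init()`, `__Ownable_init()` and `__Pausable_init()` calls; moving them to the top of the body would reject bad input before any initialization runs. Since the function carries the `initializer` modifier, the values passed in are the deployer's own, which is worth stating in the finding when arguing impact.
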
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
