Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of Zero Address Validation in transferAdmin Function

0xserpent

Description

location : /src/abstracts/Adminable.sol

The transferAdmin function allows the current admin to transfer administrative privileges to a new admin address. However, the function does not check whether the newAdmin address provided is the zero address (address(0)).

Relevant code :

function transferAdmin(address newAdmin) public virtual override onlyAdmin {
// Effect: update the admin.
admin = newAdmin;
// Log the transfer of the admin.
emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}

Issue:

  • Setting Admin to Zero Address: If the admin mistakenly or maliciously sets the newAdmin to the zero address, the admin variable will be updated to address(0).

  • Loss of Administrative Access: Since the onlyAdmin modifier restricts access to functions by checking if (admin != msg.sender), and no account can have the address(0), all functions protected by onlyAdmin will become permanently inaccessible.

  • Irreversible Action: Once the admin is set to the zero address, there is no mechanism within the contract to recover administrative control.

Impact

  • Denial of Service: Critical administrative functions become permanently unusable, hindering contract maintenance, upgrades, or emergency interventions.

  • Loss of Control: The inability to perform essential admin functions can lead to the contract being locked in an undesirable state.

  • Security Risks: In the absence of administrative control, vulnerabilities discovered later cannot be patched, and contract parameters cannot be adjusted in response to changing conditions.

Recommendation

Add Validation to Prevent Setting Admin to Zero Address:

Modify the transferAdmin function to include a check that ensures the newAdmin address is not the zero address.

Revised Code:

function transferAdmin(address newAdmin) public virtual override onlyAdmin {
require(newAdmin != address(0), "Adminable: new admin is the zero address");
// Effect: update the admin.
admin = newAdmin;
// Log the transfer of the admin.
emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}

Explanation

  • Require Statement: The require function checks that newAdmin is not address(0). If newAdmin is the zero address, the transaction reverts with a descriptive error message.

  • Preventing Loss of Access: By ensuring that the admin cannot be set to the zero address, the contract maintains administrative control, allowing ongoing management and upgrade capabilities.

Additional Considerations

  • Constructor Initialization: Ensure that the admin variable is properly initialized in the constructor of any contract that inherits from Adminable. Failing to set the admin address upon deployment can also result in the admin being the zero address.

    For example:

contract MyContract is Adminable {
constructor(address initialAdmin) {
require(initialAdmin != address(0), "MyContract: initial admin is the zero address");
admin = initialAdmin;
}
// ... rest of the contract ...
}

  • The TransferAdmin event already logs the change, which aids in transparency and off-chain monitoring. Ensure that all relevant events are properly emitted.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.