Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

No zero address checks on the constructor parameters (initialAdmin and initialNFTDescriptor) of the SablierFlow contract

Summary

The SablierFlow constructor performs no zero address checks on its initialAdmin and initialNFTDescriptor parameters.

Vulnerability Details

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/SablierFlow.sol#L42-L42

contract SablierFlow is
......................
    constructor(
        address initialAdmin,
        IFlowNFTDescriptor initialNFTDescriptor
    )
        ERC721("Sablier Flow NFT", "SAB-FLOW")
        SablierFlowBase(initialAdmin, initialNFTDescriptor)
@>>    { }

Impact

The protocol will have no admin. The initialNFTDescriptor will also be the zero address, making tokenURI return an empty string.

Tools Used

Manual Review

Recommendations

Add zero address checks in the constructor at:
https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/SablierFlow.sol#L39-L47

constructor(
// @ audit check the initialAdmin is not Address 0
// @ audit add a zero Address check to initialAdmin
address initialAdmin,
IFlowNFTDescriptor initialNFTDescriptor
)
ERC721("Sablier Flow NFT", "SAB-FLOW")
SablierFlowBase(initialAdmin, initialNFTDescriptor)
{
+ if (initialAdmin == address(0) && address(initialNFTDescriptor) == address(0)) {
+ revert();
}
}
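
Review bot: the added condition joins the two comparisons with &&, so the revert fires only when initialAdmin and initialNFTDescriptor are both the zero address; a deployment with just one of them zero still passes, which does not match the stated recommendation. Use || or two separate if statements, one per parameter. The bare revert(); also gives a deployer no indication of which parameter was rejected, so a named custom error per check would be clearer. Finally, the closing brace of the if block is missing its + marker, which makes the extent of the suggested change ambiguous.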
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
