DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: low
Invalid

Missing Validation For _router In setRouter function

Summary

While the setRouter() function is restricted by the onlyManagement modifier, the missing validation for _router is still a concern, because access control alone does not guarantee safe input or prevent mistakes.

Vulnerability Details

Missing Router Address Validation

Impact

  1. Human Error by Authorized Management

  • Even trusted management accounts can make mistakes such as:

    • Setting _router to address(0) (the zero address), which would render the contract non-functional.

    • Inputting an incorrect or malicious address unintentionally.

  2. Defense-in-Depth

  • Validation acts as an additional safeguard, ensuring the _router address is explicitly verified before making a critical state change.

  • This is particularly important for contracts dealing with financial transactions or interacting with external systems.

Tools Used

Manual review

Recommendations

Add a simple validation check

require(_router != address(0), "Router address cannot be zero");
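
The recommended check in context, as an added example that is not part of the original submission or the audited code base: the contract name, the `management` field, the custom errors and the event are hypothetical. It goes one step beyond the zero-address check by also rejecting addresses with no deployed code, which catches some mistyped addresses; neither check can tell whether a deployed contract is the intended router.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal contract, constructed for illustration only.
contract RouterConfig {
    address public immutable management; // assumed management role
    address public router;

    error NotManagement();
    error ZeroRouter();
    error RouterHasNoCode();

    event RouterUpdated(address indexed oldRouter, address indexed newRouter);

    modifier onlyManagement() {
        if (msg.sender != management) revert NotManagement();
        _;
    }

    constructor(address _management, address _router) {
        management = _management;
        _checkRouter(_router);
        router = _router;
    }

    // Form described in the finding: access control only, no input check.
    // Kept here only for side-by-side comparison with setRouter below.
    function setRouterUnchecked(address _router) external onlyManagement {
        router = _router;
    }

    // Validated form: reverts before any state change on a bad address.
    function setRouter(address _router) external onlyManagement {
        _checkRouter(_router);
        emit RouterUpdated(router, _router);
        router = _router;
    }

    function _checkRouter(address _router) internal view {
        // The check recommended in the submission.
        if (_router == address(0)) revert ZeroRouter();
        // Added assumption: a router must be a deployed contract, not an EOA.
        if (_router.code.length == 0) revert RouterHasNoCode();
    }
}
```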
Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
