Setting updateWeightRunner to address(0) Disables Critical Functionality
Summary
According to the current implementation of the setUpdateWeightRunnerAddress if address (0) is passed as _updateWeightRunner to the function, possibly due to human error, the system will behave unpredictably or enter a broken state
Vulnerability Details
If the admin mistakenly passed address(0) as _updateWeightRunner if updateWeightRunner is use to point out to an important contract or responsible for executing some important actions this means the system will no longer be able to interact with that functionality
Impact
Unintentional Disabling:
If the admin mistakenly sets address(0), they could disable key functionality.Broken Logic:
Other parts of the system depending onupdateWeightRunnerwould break or misbehave, leading to the inconsistent or incorrect system behavior.
Tools Used
Manual review
Recommendations
Add a validation that prevents the setting of updateWeightRunner to address(0)
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.