Submission Details
Severity:
Unchecked value of owner_
Summary
parameter owner_ if called with address(0) can cause the whole contract to be usefull and functions that have modify onlyOwner to be unusable
Vulnerability Details
Missing checks for owner_
/**
* @dev Initializes the AaveDIVAWrapper contract with the addresses of DIVA Protocol, Aave V3's Pool
* contract and the owner of the contract.
* @param diva_ Address of the DIVA Protocol contract.
* @param aaveV3Pool_ Address of the Aave V3 Pool contract.
* @param owner_ Address of the owner for the contract, who will be entitled to claim the yield.
* Retrievable via Ownable's `owner()` function or this contract's `getContractDetails` functions.
*/
constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) {
// Validate that none of the input addresses is zero to prevent unintended initialization with default addresses.
// Zero address check on `owner_` is performed in the OpenZeppelin's `Ownable` contract.
if (diva_ == address(0) || aaveV3Pool_ == address(0)) {
revert ZeroAddress();
}
// Store the addresses of DIVA Protocol and Aave V3 in storage.
_diva = diva_;
_aaveV3Pool = aaveV3Pool_;
}
Impact
Medium
Causing unusable functions that have onlyOwner modifier
Tools Used
Manual
Recommendations
add check for zero address
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
51929
USDC / LOC
14,000
1,000
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.