Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Missing check for zero address in `PriceAdapter::initialize`

Vulnerability Details

In the `initialize` function of the `PriceAdapter` contract, `__Ownable_init` is initialised with `params.owner`. However, there are no validation checks to ensure that `params.owner` is not the zero address. The absence of such validation could potentially result in the contracts being initialized without a designated admin or owner, compromising the permission management system within these contracts and leaving the contracts vulnerable to unauthorized access and manipulation.

Code sample
src/utils/PriceAdapter.sol

```solidity
function initialize(InitializeParams calldata params) external initializer {
    __Ownable_init(params.owner);
    name = params.name;
    symbol = params.symbol;
    priceFeed = params.priceFeed;
    ethUsdPriceFeed = params.ethUsdPriceFeed;
    sequencerUptimeFeed = params.sequencerUptimeFeed;
    priceFeedHeartbeatSeconds = params.priceFeedHeartbeatSeconds;
    ethUsdPriceFeedHeartbeatSeconds = params.ethUsdPriceFeedHeartbeatSeconds;
    useEthPriceFeed = params.useEthPriceFeed;
}
```

Recommendations

Add a non-zero address validation for `params.owner` in the `PriceAdapter::initialize` function.
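
The recommended check, together with a way to confirm it fires, as an added example that is not part of the submission or the Zaros code base. `PriceAdapterSketch` is a simplified stand-in with ownership and the initializer guard inlined so the file compiles without dependencies; the contract names, the reduced `InitializeParams` fields, and the `ZeroOwner` and `AlreadyInitialized` errors are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for PriceAdapter (hypothetical, not the project's contract).
contract PriceAdapterSketch {
    error ZeroOwner();          // hypothetical error name
    error AlreadyInitialized(); // hypothetical error name

    struct InitializeParams {
        address owner;
        string name;
        address priceFeed;
    }

    address public owner;
    string public name;
    address public priceFeed;
    bool private _initialized;

    function initialize(InitializeParams calldata params) external {
        if (_initialized) revert AlreadyInitialized();
        // Reject address(0) before any state is written, so a failed call
        // leaves the contract uninitialised and it can be initialised correctly.
        if (params.owner == address(0)) revert ZeroOwner();
        _initialized = true;
        owner = params.owner;
        name = params.name;
        priceFeed = params.priceFeed;
    }
}

// Harness: returns true only when a zero owner is rejected with ZeroOwner().
contract ZeroOwnerCheck {
    function zeroOwnerIsRejected() external returns (bool) {
        PriceAdapterSketch adapter = new PriceAdapterSketch();
        // Constructed sample parameters; 0xFEED is a placeholder feed address.
        PriceAdapterSketch.InitializeParams memory p =
            PriceAdapterSketch.InitializeParams(address(0), "ETH/USD", address(0xFEED));
        try adapter.initialize(p) {
            return false; // initialised without an owner
        } catch (bytes memory reason) {
            // Compare the 4-byte selector so an unrelated revert does not pass.
            return bytes4(reason) == PriceAdapterSketch.ZeroOwner.selector;
        }
    }
}
```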

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
