Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Missing Zero Address Check in `ZlpVault::initialize` Function

Vulnerability Details

The `ZlpVault::initialize` function does not validate that the provided `marketMakingEngine`, `owner`, and `asset_` addresses are not the zero address (`address(0)`). This could lead to unintended behavior, such as the contract approving transactions for an invalid address or assigning ownership to an invalid address, potentially causing a loss of control or malfunctioning of the contract.

Impact

  1. A zero address could unintentionally be used as the marketMakingEngine or owner, or as the asset_ token, leading to irreversible issues like loss of control or asset approval to an unintended address.

  2. The lack of validation on these critical addresses can disrupt contract operations, potentially resulting in unexpected behavior when interacting with other contract functions.

Tools Used

Manual review

Recommendations

Add checks to validate that the marketMakingEngine, owner, and asset_ addresses are not zero addresses (address(0)). These checks should revert or fail the transaction if any of these addresses is invalid.

```solidity
require(marketMakingEngine != address(0), "Invalid marketMakingEngine address");
require(owner != address(0), "Invalid owner address");
require(address(asset_) != address(0), "Invalid asset address");
```
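The recommended checks can be pinned down with a Foundry regression test. The following is an added example, not code from the submission or from the Zaros repository: `VaultSketch` is a hypothetical stand-in whose storage layout, custom errors and sample addresses are assumptions, with only the three parameter names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for a vault initializer; NOT the Zaros ZlpVault source.
// Parameter names follow the finding; storage and errors are assumptions.
contract VaultSketch {
    error ZeroAddress(string param);
    error AlreadyInitialized();

    address public marketMakingEngine;
    address public owner;
    address public asset;
    bool private initialized;

    function initialize(address marketMakingEngine_, address owner_, address asset_) external {
        if (initialized) revert AlreadyInitialized();
        // Reject each critical address individually so the revert names the bad input.
        if (marketMakingEngine_ == address(0)) revert ZeroAddress("marketMakingEngine");
        if (owner_ == address(0)) revert ZeroAddress("owner");
        if (asset_ == address(0)) revert ZeroAddress("asset");
        initialized = true;
        marketMakingEngine = marketMakingEngine_;
        owner = owner_;
        asset = asset_;
    }
}

contract VaultSketchInitTest is Test {
    // Constructed sample addresses, used only by this test.
    address constant ENGINE = address(0xE1);
    address constant OWNER = address(0xA1);
    address constant ASSET = address(0xC1);

    function test_RevertsOnEachZeroAddress() public {
        VaultSketch v = new VaultSketch();
        vm.expectRevert(abi.encodeWithSelector(VaultSketch.ZeroAddress.selector, "marketMakingEngine"));
        v.initialize(address(0), OWNER, ASSET);
        vm.expectRevert(abi.encodeWithSelector(VaultSketch.ZeroAddress.selector, "owner"));
        v.initialize(ENGINE, address(0), ASSET);
        vm.expectRevert(abi.encodeWithSelector(VaultSketch.ZeroAddress.selector, "asset"));
        v.initialize(ENGINE, OWNER, address(0));
    }

    function test_AcceptsNonZeroAddresses() public {
        VaultSketch v = new VaultSketch();
        v.initialize(ENGINE, OWNER, ASSET);
        assertEq(v.owner(), OWNER);
    }
}
```

Each reverted call leaves `initialized` unset, so the same instance can be reused across the three negative cases before the positive case runs on a fresh deployment.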
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
