Submission Details
Severity: low
Valid

No Validation of assetToPay (Trustee.sol)

Summary:

Hi,

I found a potential vulnerability in the contract 'Trustee.sol', in which the function assetToPay allows the trustee to set any address without validation.

Vulnerability Details:

The key details of this potential bug are as follows:

In this contract, the setAssetToPay function allows the trustee to set the address without validation. This means assetToPay could be set to address(0) or an invalid address, and if assetToPay == address(0) and logic in inheriting contracts interacts with assetToPay, the token transfers will fail.

Impact:

It can lead to loss of funds or other security issues in the inheriting contract.

Tools Used:

Manual Code Analysis

Recommendations:

Implement a zero address check for the function to make sure the Trustee of the contract cannot set it to address(0) or some malicious address. Sample code for the implementation is given below:

function setAssetToPay(address _asset) external onlyTrustee {
    require(_asset != address(0), "Asset cannot be zero address");
    assetToPay = _asset;
}
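
The following is an added example, not part of the original submission and not code from the audited project. It goes one step past the zero-address check by also rejecting addresses that have no code or do not answer an ERC-20 view call, which covers the "invalid address" case. The contract name HardenedTrustee, the IERC20Like interface, the custom errors and the event are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: HardenedTrustee is a hypothetical stand-in, not the audited Trustee.sol.
interface IERC20Like {
    function totalSupply() external view returns (uint256);
}

contract HardenedTrustee {
    address public trustee;
    address public assetToPay;

    error NotTrustee();
    error ZeroAddress();
    error NotAContract(address asset);
    error NotTokenLike(address asset);

    event AssetToPayUpdated(address indexed previous, address indexed current);

    modifier onlyTrustee() {
        if (msg.sender != trustee) revert NotTrustee();
        _;
    }

    constructor(address _trustee) {
        if (_trustee == address(0)) revert ZeroAddress();
        trustee = _trustee;
    }

    function setAssetToPay(address _asset) external onlyTrustee {
        // The check recommended in the finding.
        if (_asset == address(0)) revert ZeroAddress();
        // An EOA or not-yet-deployed address has no code, so high-level token calls to it revert.
        if (_asset.code.length == 0) revert NotAContract(_asset);
        // Probe a view function every ERC-20 exposes; if the call reverts, reject the address.
        try IERC20Like(_asset).totalSupply() returns (uint256) {
        } catch {
            revert NotTokenLike(_asset);
        }
        // Emit the old and new values so off-chain monitoring can alert on changes.
        emit AssetToPayUpdated(assetToPay, _asset);
        assetToPay = _asset;
    }
}
```

Neither check proves the token is trustworthy; they only reject addresses that cannot behave as a token at all.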
Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

global asset in NFT values
