Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Zero Address Check in setAssetToPay Function

0xbyteknight

Summary

The setAssetToPay function in the Trustee contract does not validate that the provided asset address is non-zero. This omission can lead to misconfigurations that disable fund transfers related to asset payments.

Vulnerability Details

The setAssetToPay function allows the trustee to set the asset used for payment without checking if the provided address is the zero address. Assigning the zero address can misconfigure the contract and prevent any subsequent fund transfers or operations that rely on a valid ERC20 token address. This issue is primarily a configuration risk and is less likely to be exploited maliciously since it would normally be caught during deployment or testing.

Impact

Direct Impact: Misconfiguration where the asset used for payments is set to the zero address, potentially disabling intended fund transfers.

Tools Used

Manual code review

Recommendations

Add a require statement in setAssetToPay to ensure that the asset address is not the zero address.

Example improvement:

function setAssetToPay(address _asset) external onlyTrustee {
require(_asset != address(0), "Invalid address: zero address");
assetToPay = _asset;
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.