Missing checks for address(0x0) when updating address state variables

[ptisserand]

See

function setL1L2CollectionMapping(
    address collectionL1,
    snaddress collectionL2,
    bool force
) external onlyOwner {
    _setL1L2AddressMapping(collectionL1, collectionL2, force);
    emit L1L2CollectionMappingUpdated(collectionL1, snaddress.unwrap(collectionL2));
}

Unit test must be provided

[PavitraAgarwal21]

@ptisserand love to take this up , when OD start

[ShantelPeters]

HI @ptisserand please i will love to work on this issue

[SoarinSkySagar]

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

GM, I am Sagar Rana, a smart contract developer and full stack engineer. I have 3 years of experience building robust full stack applications and over a year of writing smart contracts. You can see my projects and contributions to some major repos on my GitHub profile. The tech stack I use mainly includes Solidity, Rust, JavaScript and Typescript. I am also contributing to the Starknet and Rust ecosystems and building on Cairo language. I am interested in contributing to projects like this to learn more about these technologies and help make these projects better. Please assign me as I would be really glad to be a contributor in this project! :)

How I plan on tackling this issue

Hi @ptisserand, I would approach this issue by:

• Since there are two addresses being passed to the function, a check is required to ensure that collectionL1 and collectionL2 are not zero addresses
• This can be done using the require function inside the function:

  require(collectionL1 != address(0), "Collection L1 address cannot be zero");
  require(collectionL2 != address(0), "Collection L2 address cannot be zero");

• Write the unit test for the same

Tasks:

• [ ] Provide checks for zero addresses
• [ ] Write the unit test

ETA: 3 Hours

[aji70]

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

i'm a solidity and cairo smart contract developer with over 2 years experience and believe i have the skill set for the task

How I plan on tackling this issue

i would work around using a require statement or a modifier depending on how the case is

[ryzen-xp]

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

I'm a Solidity developer specializing in NFT marketplaces and decentralized apps, with experience in multi-token support and integrating blockchain protocols. My work on projects like Worldcoin-Bridge-Linea equips me to handle tasks like adding ERC-20 support efficiently.

How I plan on tackling this issue

To address the missing checks for address(0x0) in the setL1L2CollectionMapping function: 1.Add a check at the beginning of the function to ensure collectionL1 and collectionL2 are not address(0x0).2. If either address is 0x0, revert the transaction with an appropriate error message.3. Create unit tests to verify that the function correctly rejects 0x0 addresses and behaves as expected with valid inputs..

[DanielEmmanuel1]

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

Good day ArkProject My name is Deon and I'd like to apply formally for the task presented. I am a Web and blockchain engineer with a passion for building user interfaces and Dapps that deliver meaningful experiences. With a background in Computer Science (BSc) and hands-on experience. If given the chance to contribute this will be my second official contribution via onlydust and I'm confident in my ability to deliver on the feature you're looking for.

How I plan on tackling this issue

Firstly I will employ the following approach to solve the issue of checking for address zero in the setL1L2CollectionMapping and writing unit tests for it.

1. Understand the Contract Logic I will begin by analyzing the smart contract code to identify to fully understand how the contract logic works and the best approach to implement the solution. This include reviewing all functions involve and the whole contract for patterns.

2. Implement Address Zero Check Using Modifier or Explicitly Checking in the Function
   To prevent the use of the zero address, I will create a reusable modifier that ensures any function utilizing an address parameter verifies that the address is not the zero address before proceeding. This approach keeps the code concise and easily reusable across multiple functions. If the use of a modifier is not necessary, I'll do a direct check inside the function.

Apply the Modifier to the Function
I will apply this modifier to the function, ensuring that the function cannot be called with address zero as argument. If the modifier is not appropriate, I will add explicit checks within the function.

Write Unit Tests for Address Zero Scenario
I will write unit tests to verify the correct handling of zero address cases. These tests will cover both success cases (valid addresses) and failure cases (where the zero address is used).

Comprehensive Test Coverage I will ensure that every function interacting with addresses is fully tested, including both valid and invalid (zero address) cases. This ensures thorough coverage of all potential scenarios.

Final Report and Documentation After implementing the checks and tests, I will document the process, outlining where the address zero validation has been added and how it is tested. This documentation will also include details of the test cases, ensuring the contract’s security and robustness when handling addresses.

By following this approach, I aim to secure the contract against potential vulnerabilities related to the zero address, ensuring the correct behavior in the function.

[onlydustapp[bot]]

The maintainer ptisserand has assigned ryzen-xp to this issue via OnlyDust Platform. Good luck!

[ptisserand]

Fixed by #240