Gravita-Protocol / Gravita-SmartContracts


Missing `address(0)` checks #208

Closed rotcivegaf closed 1 year ago

rotcivegaf commented 1 year ago

Affected smart contract

File: contracts/GRVT/CommunityIssuance.sol

/// @audit: check `_grvtTokenAddress`, `_stabilityPoolAddress` and `_adminContract` addresses
47:  function setAddresses(
48:    address _grvtTokenAddress,
49:    address _stabilityPoolAddress,
50:    address _adminContract
51:  ) external initializer {
File: contracts/GRVT/GRVTStaking.sol

/// @audit: check `_grvtTokenAddress`, `_debtTokenAddress`, `_feeCollectorAddress` and `_vesselManagerAddress` addresses
 50:    function setAddresses(
 51:        address _grvtTokenAddress,
 52:        address _debtTokenAddress,
 53:        address _feeCollectorAddress,
 54:        address _vesselManagerAddress,
 55:        address _treasury
 56:    ) external initializer {

/// @audit: check `_treasury` address
166:    function changeTreasuryAddress(address _treasury) public onlyOwner {
File: contracts/GRVT/LockedGRVT.sol

/// @audit: check `_grvtAddress` address
37: function setAddresses(address _grvtAddress) public initializer onlyOwner {

81: function sendGRVTTokenToEntity(address _entity) private {
File: contracts/Proxy/BorrowerOperationsScript.sol

/// @audit: check `_borrowerOperations` address
09: constructor(IBorrowerOperations _borrowerOperations) {
File: contracts/Proxy/BorrowerWrappersScript.sol

/// @audit: check `_vesselManagerAddress` address
32: constructor(
33:     address _borrowerOperationsAddress,
34:     address _vesselManagerAddress,
35:     address _GRVTStakingAddress
36: ) BorrowerOperationsScript(IBorrowerOperations(_borrowerOperationsAddress)) GRVTStakingScript(_GRVTStakingAddress) {
File: contracts/Proxy/GRVTStakingScript.sol

/// @audit: check `_GRVTStakingAddress` address
09: constructor(address _GRVTStakingAddress) {
File: contracts/Proxy/StabilityPoolScript.sol

/// @audit: check `_stabilityPool` address
11: constructor(IStabilityPool _stabilityPool) {
File: contracts/Proxy/TokenScript.sol

/// @audit: check `_tokenAddress` address
12: constructor(address _tokenAddress) {
File: contracts/ActivePool.sol

/// @audit: check `_borrowerOperationsAddress`, `_collSurplusPoolAddress`, `_defaultPoolAddress`, `_stabilityPoolAddress`, `_vesselManagerAddress` and `_vesselManagerOperationsAddress` addresses
80: function setAddresses(
81:     address _borrowerOperationsAddress,
82:     address _collSurplusPoolAddress,
83:     address _defaultPoolAddress,
84:     address _stabilityPoolAddress,
85:     address _vesselManagerAddress,
86:     address _vesselManagerOperationsAddress
87: ) external initializer {
File: contracts/AdminContract.sol

/// @audit: check `_communityIssuanceAddress`, `_activePoolAddress`, `_defaultPoolAddress`, `_stabilityPoolAddress`, `_collSurplusPoolAddress`, `_priceFeedAddress`, `_shortTimelock` and `_longTimelock` addresses
111:    function setAddresses(
112:        address _communityIssuanceAddress,
113:        address _activePoolAddress,
114:        address _defaultPoolAddress,
115:        address _stabilityPoolAddress,
116:        address _collSurplusPoolAddress,
117:        address _priceFeedAddress,
118:        address _shortTimelock,
119:        address _longTimelock
120:    ) external onlyOwner {

/// @audit: check `_collateral` address
139:    function addNewCollateral(
140:        address _collateral,
141:        uint256 _debtTokenGasCompensation, // the gas compensation is initialized here as it won't be changed
142:        uint256 _decimals,
143:        bool _isWrapped
144:    ) external longTimelockOnly {

    function setCollateralParameters(
        address _collateral,
        uint256 newMCR,
        uint256 newCCR,
        uint256 minNetDebt,
        uint256 percentDivisor,
        uint256 borrowingFee,
        uint256 redemptionFeeFloor,
        uint256 mintCap
    ) public onlyOwner {
File: contracts/BorrowerOperations.sol

/// @audit: check `_vesselManagerAddress`, `_stabilityPoolAddress`, `_gasPoolAddress`, `_collSurplusPoolAddress`, `_sortedVesselsAddress`, `_debtTokenAddress`, `_feeCollectorAddress` and `_adminContractAddress` addresses
90: function setAddresses(
91:     address _vesselManagerAddress,
92:     address _stabilityPoolAddress,
93:     address _gasPoolAddress,
94:     address _collSurplusPoolAddress,
95:     address _sortedVesselsAddress,
96:     address _debtTokenAddress,
97:     address _feeCollectorAddress,
98:     address _adminContractAddress
99: ) external initializer {
File: contracts/CollSurplusPool.sol

/// @audit: check `_activePoolAddress`, `_borrowerOperationsAddress`, `_vesselManagerAddress` and `_vesselManagerOperationsAddress` addresses
28: function setAddresses(
29:     address _activePoolAddress,
30:     address _borrowerOperationsAddress,
31:     address _vesselManagerAddress,
32:     address _vesselManagerOperationsAddress
33: ) external initializer {
File: contracts/DebtToken.sol

/// @audit: check `_vesselManagerAddress`, `_stabilityPoolAddress`, `_borrowerOperationsAddress` and `_timelockAddress` addresses
41: constructor(
42:     address _vesselManagerAddress,
43:     address _stabilityPoolAddress,
44:     address _borrowerOperationsAddress,
45:     address _timelockAddress
46: ) ERC20("GRAI", "GRAI") {
File: contracts/DefaultPool.sol

/// @audit: check `_vesselManagerAddress` and `_activePoolAddress` addresses
31  function setAddresses(address _vesselManagerAddress, address _activePoolAddress) external initializer {
File: contracts/FeeCollector.sol

/// @audit: check `_borrowerOperationsAddress`, `_vesselManagerAddress`, `_grvtStakingAddress`, `_debtTokenAddress` and `_treasuryAddress` addresses
38: function setAddresses(
39:     address _borrowerOperationsAddress,
40:     address _vesselManagerAddress,
41:     address _grvtStakingAddress,
42:     address _debtTokenAddress,
43:     address _treasuryAddress,
44:     bool _routeToGRVTStaking
45: ) external initializer {

/// @audit: check `_grvtStakingAddress` address
61: function setGRVTStakingAddress(address _grvtStakingAddress) external onlyOwner {

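/// @audit: check `_routeToGRVTStaking` address (note: the parameter is declared `bool` in the signature below, so an `address(0)` check does not apply to it)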
66: function setRouteToGRVTStaking(bool _routeToGRVTStaking) external onlyOwner {
File: contracts/PriceFeed.sol

/// @audit: check `_adminContractAddress` and `_timelockAddress` addresses
47: function setAddresses(
48:     address _adminContractAddress,
49:     address _timelockAddress
50: ) external initializer {
File: contracts/SortedVessels.sol

/// @audit: check `_vesselManagerAddress` and `_borrowerOperationsAddress` addresses
72: function setAddresses(address _vesselManagerAddress, address _borrowerOperationsAddress) external initializer {
File: contracts/StabilityPool.sol

/// @audit: check `_borrowerOperationsAddress`, `_vesselManagerAddress`, `_activePoolAddress`, `_debtTokenAddress`, `_sortedVesselsAddress`, `_communityIssuanceAddress` and `_adminContractAddress` addresses
229:    function setAddresses(
230:        address _borrowerOperationsAddress,
231:        address _vesselManagerAddress,
232:        address _activePoolAddress,
233:        address _debtTokenAddress,
234:        address _sortedVesselsAddress,
235:        address _communityIssuanceAddress,
236:        address _adminContractAddress
237:    ) external initializer {
File: contracts/VesselManager.sol

/// @audit: check `_borrowerOperationsAddress`, `_stabilityPoolAddress`, `_gasPoolAddress`, `_collSurplusPoolAddress`, `_debtTokenAddress`, `_feeCollectorAddress`, `_sortedVesselsAddress`, `_vesselManagerOperationsAddress` and `_adminContractAddress` addresses
    function setAddresses(
        address _borrowerOperationsAddress,
        address _stabilityPoolAddress,
        address _gasPoolAddress,
        address _collSurplusPoolAddress,
        address _debtTokenAddress,
        address _feeCollectorAddress,
        address _sortedVesselsAddress,
        address _vesselManagerOperationsAddress,
        address _adminContractAddress
    ) external initializer {
File: contracts/VesselManagerOperations.sol

/// @audit: check `_vesselManagerAddress`, `_sortedVesselsAddress`, `_stabilityPoolAddress`, `_collSurplusPoolAddress`, `_debtTokenAddress` and `_adminContractAddress` addresses
57: function setAddresses(
58:     address _vesselManagerAddress,
59:     address _sortedVesselsAddress,
60:     address _stabilityPoolAddress,
61:     address _collSurplusPoolAddress,
62:     address _debtTokenAddress,
63:     address _adminContractAddress
64: ) external initializer {

Description

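Not checking these parameters against `address(0)` can lead to misconfigured contracts. Most of the functions listed above are constructors or carry the `initializer` modifier, so they are meant to run only once; a zero address passed by mistake there cannot be corrected by simply calling the function again.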

Recommendation

Check that each of the address parameters mentioned above is not `address(0)` before it is stored, and revert if it is.

0xfornax commented 1 year ago

We appreciate the submission but the rules are clear that critiques of best practices would not be eligible.

rotcivegaf commented 1 year ago

I think it's low severity