TangibleTNFT / tnftv2-audit

Tnftv2 repo for audit

[CFV-01S] Inexistent Sanitization of Input Addresses #3

Closed veljkoTNFT closed 6 months ago

veljkoTNFT commented 1 year ago

CFV-01S: Inexistent Sanitization of Input Addresses

| Type | Severity | Location |
| --- | --- | --- |
| Input Sanitization | | CurrencyFeedV2.sol:L86-L93, L100-L107 |

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

```solidity
function setCurrencyFeed(
    string calldata _currency,
    AggregatorV3Interface _priceFeed
) external onlyFactoryOwner {
    currencyPriceFeeds[_currency] = _priceFeed;
    // set for iso
    currencyPriceFeedsISONum[ISOcurrencyCodeToNum[_currency]] = _priceFeed;
}
```

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

veljkoTNFT commented 1 year ago

Won't fix

@omniscia-core Nothing to fix here; it works as intended. The 0 address can be a value because we can sometimes disable a feed.
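One way to satisfy both the finding and the need to disable a feed, as an added sketch that is not code from the audited repository: the setter rejects `address(0)`, disabling is its own explicit function, and reads fail closed on a disabled feed. The contract name, `onlyOwner` (standing in for `onlyFactoryOwner`), `disableCurrencyFeed`, `latestPrice`, the events and the errors are all assumptions, and the ISO-number mapping is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal stand-in for Chainlink's AggregatorV3Interface (only the call used here).
interface AggregatorV3Interface {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical contract for illustration; not the project's CurrencyFeedV2.
contract CurrencyFeedSketch {
    address public immutable owner; // assumption: stands in for onlyFactoryOwner
    mapping(string => AggregatorV3Interface) public currencyPriceFeeds;

    event CurrencyFeedSet(string currency, address priceFeed);
    event CurrencyFeedDisabled(string currency);

    error ZeroAddressFeed();
    error FeedDisabled(string currency);
    error NotOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    // Setting a feed never accepts address(0); an accidental zero input reverts.
    function setCurrencyFeed(string calldata _currency, AggregatorV3Interface _priceFeed) external onlyOwner {
        if (address(_priceFeed) == address(0)) revert ZeroAddressFeed();
        currencyPriceFeeds[_currency] = _priceFeed;
        emit CurrencyFeedSet(_currency, address(_priceFeed));
    }

    // Disabling is a separate, explicit action, so the intent is visible on-chain.
    function disableCurrencyFeed(string calldata _currency) external onlyOwner {
        delete currencyPriceFeeds[_currency];
        emit CurrencyFeedDisabled(_currency);
    }

    // Readers fail closed on a disabled feed instead of calling address(0).
    function latestPrice(string calldata _currency) external view returns (int256 answer) {
        AggregatorV3Interface feed = currencyPriceFeeds[_currency];
        if (address(feed) == address(0)) revert FeedDisabled(_currency);
        (, answer, , , ) = feed.latestRoundData();
    }
}
```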