Open code423n4 opened 3 years ago
Will address
We actually are not going to address this; we do not think this is a bug. The governor will manually verify non-zero addresses.
I think this warrants Likelihood=Low, Impact=Medium => Severity=Low. Unlike deployment misconfigurations, this mistake, while unlikely, would impact the running system, and it's easily defended against.
Handle
@cmichelio
Vulnerability details
The MapleGlobals.setPriceOracle should check that the oracle address is not zero.
Impact
A wrong call to this function might set the oracle address to the zero address and break core oracle functionality.
Recommended Mitigation Steps
Add a require(oracle != address(0)) statement.
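The check recommended above, shown next to the unchecked form, as an added example that is not part of the original report and is not Maple's code. The contract name, the `(asset, oracle)` signature, the `oracleFor` mapping, the `onlyGovernor` modifier and the `IOracleSketch` interface are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical oracle interface, assumed for this sketch.
interface IOracleSketch {
    function getLatestPrice() external view returns (int256);
}

// Sketch only: names, storage layout and access control are assumptions,
// not MapleGlobals' actual code.
contract GlobalsSketch {
    address public governor;
    mapping(address => address) public oracleFor; // asset => price oracle

    event OracleSet(address indexed asset, address indexed oracle);

    modifier onlyGovernor() {
        require(msg.sender == governor, "not governor");
        _;
    }

    constructor() {
        governor = msg.sender;
    }

    // Unchecked form the report describes: a mistaken call can store address(0).
    function setPriceOracleUnchecked(address asset, address oracle) external onlyGovernor {
        oracleFor[asset] = oracle;
        emit OracleSet(asset, oracle);
    }

    // Hardened form: the zero address is rejected before it reaches storage.
    function setPriceOracle(address asset, address oracle) external onlyGovernor {
        require(oracle != address(0), "oracle is zero address");
        oracleFor[asset] = oracle;
        emit OracleSet(asset, oracle);
    }

    // Consumer of the mapping: with oracleFor[asset] == address(0) this call
    // reverts, because no contract exists at the zero address to answer it.
    function getLatestPrice(address asset) external view returns (int256) {
        return IOracleSketch(oracleFor[asset]).getLatestPrice();
    }
}
```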