code-423n4 / 2021-04-vader-findings


Perform early input validation of zero-address for efficiency in DAO.sol #182

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

Instead of performing a zero-address check in moveRewardAddress on L146 or L152, it is more efficient to do so in newAddressProposal() as soon as the new address is proposed, instead of allowing a proposal for zero-address which goes through the whole voting process. If there is a requirement for zero-address proposals, it should be specified explicitly.

Depending on the participation in the voting process, this will save a significant amount of gas for all the participants.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L69-L74

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L144-L154

Tools Used

Manual Analysis

Recommended Mitigation Steps

Perform input validation of zero-address in newAddressProposal() for proposedAddress parameter.
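
The recommended early check, sketched as an added example in a minimal hypothetical DAO; this is not the Vader DAO.sol code and not part of the original report. Only `newAddressProposal`, `moveRewardAddress` and `proposedAddress` are names from the report; the storage layout, the member list, `voteProposal` and the simple-majority rule are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: a minimal, hypothetical DAO, not Vader's DAO.sol.
// Storage layout, membership, voteProposal and the majority rule are assumptions.
contract EarlyValidationDAO {
    struct Proposal {
        address proposedAddress;
        uint256 votes;
        bool executed;
    }

    mapping(uint256 => Proposal) public proposals;
    mapping(uint256 => mapping(address => bool)) public hasVoted;
    mapping(address => bool) public isMember;
    uint256 public memberCount;
    uint256 public proposalCount;
    address public rewardAddress;

    constructor(address[] memory members) {
        for (uint256 i = 0; i < members.length; i++) {
            if (!isMember[members[i]]) { isMember[members[i]] = true; memberCount++; }
        }
    }

    function newAddressProposal(address proposedAddress) external returns (uint256 id) {
        require(isMember[msg.sender], "not a member");
        // Early check: a zero-address proposal reverts here, so only the
        // proposer pays for one revert and no voter spends gas on it.
        require(proposedAddress != address(0), "zero address");
        id = ++proposalCount;
        proposals[id].proposedAddress = proposedAddress;
    }

    function voteProposal(uint256 id) external {
        require(isMember[msg.sender], "not a member");
        require(id != 0 && id <= proposalCount, "unknown proposal");
        require(!hasVoted[id][msg.sender], "already voted");
        hasVoted[id][msg.sender] = true; // every vote pays for storage writes
        proposals[id].votes += 1;
    }

    function moveRewardAddress(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        require(p.votes * 2 > memberCount, "no majority");
        // Without the early check, a zero address would first be rejected
        // here, after all the votes above had already been paid for.
        p.executed = true;
        rewardAddress = p.proposedAddress;
    }
}
```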

0xBrian commented 3 years ago

Not sure when it was added, but this was done.