code-423n4 / 2021-06-gro-findings


Lack of non-zero address check in `setWithdrawHandler` #118

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The `setWithdrawHandler` function of `Controller` does not check that the provided parameter `_emergencyHandler` is non-zero. However, a similar parameter `_withdrawHandler` is checked.

Proof of Concept

Referenced code: Controller.sol#L105-L110

Recommended Mitigation Steps

Add `require(_emergencyHandler != address(0), "setWithdrawHandler: 0x");` after line 106.
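An added example, not part of the original report or the project's code: a small heuristic check that flags `address` parameters a Solidity function never compares against `address(0)`, which is the pattern reported here. The Solidity sample is constructed (its signature and assignments are assumptions, not the real `Controller.sol`), and the Python helper names are hypothetical.

```python
import re

# Constructed Solidity sample modelled on the finding; NOT the project's Controller.sol.
SAMPLE = '''
contract Controller {
    function setWithdrawHandler(address _withdrawHandler, address _emergencyHandler) external {
        require(_withdrawHandler != address(0), "setWithdrawHandler: 0x");
        withdrawHandler = _withdrawHandler;
        emergencyHandler = _emergencyHandler;
    }
}
'''

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")

def function_body(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]

def address_params(param_list):
    """Names of parameters declared as address / address payable."""
    split = [p.split() for p in param_list.split(",")]
    return [w[-1] for w in split if len(w) >= 2 and w[0] == "address"]

def has_zero_check(body, name):
    """True if body compares name with address(0), in either operand order."""
    n = re.escape(name)
    return bool(re.search(rf"\b{n}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{n}\b", body))

def unchecked_address_params(src):
    """Map function name -> address params never compared against address(0)."""
    findings = {}
    for m in FUNC_RE.finditer(src):
        body = function_body(src, m.end() - 1)
        missing = [n for n in address_params(m.group(2)) if not has_zero_check(body, n)]
        if missing:
            findings[m.group(1)] = missing
    return findings

if __name__ == "__main__":
    print(unchecked_address_params(SAMPLE))
```

The check is textual, so a zero-address check performed in a modifier or helper function is not seen and will be reported as missing.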

kitty-the-kat commented 3 years ago

5

ghoul-sol commented 3 years ago

Duplicate of #5