Open code423n4 opened 3 years ago
cmichel
Some parameters of functions are not checked for invalid values:
BaseVaultAdaptor.constructor
LifeGuard3Pool.constructor
Buoy3Pool.constructor
PnL.constructor
Controllable.setController
newController != controller
A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Validate the parameters.
Low risk/Non critical - Deployment script handles these cases, but good practice to have 0x checks to stop wasting gas and having to redeploy.
Handle
cmichel
Vulnerability details
Vulnerability Details
Some parameters of functions are not checked for invalid values:
BaseVaultAdaptor.constructor
: The addresses should be checked for non-zero valuesLifeGuard3Pool.constructor
: The addresses should be checked for non-zero valuesBuoy3Pool.constructor
: The addresses should be checked for non-zero valuesPnL.constructor
: The addresses should be checked for non-zero valuesControllable.setController
: Does not check thatnewController != controller
Impact
A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Recommended Mitigation Steps
Validate the parameters.