raymogg
commented
3 years ago This ticket covers topics that are duplicates of #136 (non zero address checks) and also #102 (percent value limits)
Closed code423n4 closed 3 years ago
raymogg
commented
3 years ago This ticket covers topics that are duplicates of #136 (non zero address checks) and also #102 (percent value limits)
Handle
cmichel
Vulnerability details
Some parameters of functions are not checked for invalid values:
TracerPerpetualSwaps.constructor: The addresses can be checked for non-zero. Percentage values likefeeRate,_deleveragingCliff,_insurancePoolSwitchStageshould be checked to be less than 100% (1e18)OracleAdapter.constructor: The addresses can be checked for non-zero.Impact
A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Recommended Mitigation Steps
Validate the parameters.