verifyfirst
commented
3 years ago deployer creates the daoVault. edgeCases like this are not considered important
Open code423n4 opened 3 years ago
verifyfirst
commented
3 years ago deployer creates the daoVault. edgeCases like this are not considered important
ghoul-sol
commented
3 years ago This is best practices, non-critical
Handle
heiho1
Vulnerability details
Impact
DaoVault.constructor(address))._base on line 16 does not check for zero address of _base. If BASE is to be treated as zero address, it should be positively checked. If not then it should be negatively checked.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/DaoVault.sol#L17
Tools Used
Slither
Recommended Mitigation Steps
It appears from reading the code that the zero address is being treated as the BASE address...if this is case then _base should be required to be zero address. Note that it is also very atypical to use zero address in this fashion.