alcueca
commented
3 years ago Zero-address checks are silly. Instead code your deployments in scripts, code on-chain tests for them, have the lot peer-reviewed, and deploy + test in a mainnet fork first.
Open code423n4 opened 3 years ago
alcueca
commented
3 years ago Zero-address checks are silly. Instead code your deployments in scripts, code on-chain tests for them, have the lot peer-reviewed, and deploy + test in a mainnet fork first.
ghoul-sol
commented
3 years ago I share sponsor's philosophy. Making this non-critical.
Handle
0xRajeev
Vulnerability details
Impact
Zero-address checks are missing in few places within constructors.
Proof of Concept
https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/yieldspace/Strategy.sol#L74-L78
https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/utils/EmergencyBrake.sol#L36-L37
https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/utils/TimeLock.sol#L34-L35
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add zero-address checks as input validation for address parameters.