Open code423n4 opened 3 years ago
I believe this to be a question of where this verification can happen; doing that on a contract level might add increased lines of code and call costs, while verifying on a UI level whether these parameters are set correctly is less costly.
Making this a non-critical as it is a best-practices recommendation.
Handle
leastwood
Vulnerability details
Impact
There are a number of functions lacking input validation, potentially causing the contracts to enter a state that disallows user interactions. These functions include but are not limited to:
- `PostAuctionLauncher.constructor()`
- `MISOLauncher.deployLauncher()`
- `MISOLauncher.createLauncher()`
- `PostAuctionLauncher.initAuctionLauncher()`
- `GnosisSafeFactory.initGnosisVault()`

Specifically:

- `commitEth()` of all auction contracts does not validate `beneficiary`. May lead to unclaimable tokens.
- `PostAuctionLauncher.initAuctionLauncher()` does not check to ensure token decimals are greater than zero.
- `PostAuctionLauncher.initAuctionLauncher()`.

Input validation is an essential process in limiting potentially wasteful functions from consuming unnecessary gas.
Proof of Concept
https://github.com/sushiswap/miso/blob/master/contracts/Liquidity/PostAuctionLauncher.sol#L105-L107
https://github.com/sushiswap/miso/blob/master/contracts/MISOLauncher.sol#L220-L256
https://github.com/sushiswap/miso/blob/master/contracts/MISOLauncher.sol#L269-L293
https://github.com/sushiswap/miso/blob/master/contracts/Liquidity/PostAuctionLauncher.sol#L119-L161
https://github.com/sushiswap/miso/blob/master/contracts/Vault/GnosisSafeFactory.sol#L44-L51
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/BatchAuction.sol#L235-L245
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L425-L437
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/HyperbolicAuction.sol#L347-L360
Tools Used
Manual code review
Recommended Mitigation Steps
Consider applying the aforementioned changes.
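As an added illustration (not code from the MISO repository or from the report), the stripped-down contract below shows the two checks the report calls for: a `commitEth()` that accepts any `beneficiary` next to one that rejects the zero address and zero-value commits, and an initialiser that requires both token addresses to be set and to report non-zero decimals. The contract name, the `IERC20Decimals` interface, the storage layout and the revert strings are assumptions made for this example; the zero-address check is the usual reading of "unclaimable tokens".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token interface used for the decimals check (assumed for this
// example; OpenZeppelin's IERC20Metadata exposes the same function).
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

/// @notice Illustrative contract, not MISO's own code. Function names mirror
/// the report (commitEth, initAuctionLauncher) but the bodies are simplified
/// stand-ins that only show where the input validation belongs.
contract ValidatedAuction {
    mapping(address => uint256) public commitments;
    address public token1;
    address public token2;
    bool public initialised;

    event AddedCommitment(address indexed beneficiary, uint256 amount);

    /// Before (kept only for contrast): any beneficiary is accepted, so a
    /// commit recorded against address(0) can never be claimed or refunded.
    function commitEthUnchecked(address beneficiary) external payable {
        commitments[beneficiary] += msg.value;
        emit AddedCommitment(beneficiary, msg.value);
    }

    /// After: reject the zero address and empty commits first, so the
    /// transaction reverts before any storage is written or gas is spent
    /// on the rest of the function.
    function commitEth(address beneficiary) external payable {
        require(beneficiary != address(0), "Auction: beneficiary is zero address");
        require(msg.value > 0, "Auction: no ETH sent");
        commitments[beneficiary] += msg.value;
        emit AddedCommitment(beneficiary, msg.value);
    }

    /// Launcher-style initialiser: both tokens must be set and must report
    /// decimals greater than zero, otherwise later price and amount scaling
    /// would operate on a zero factor. The initialised flag blocks re-entry
    /// into this one-shot setup.
    function initAuctionLauncher(address _token1, address _token2) external {
        require(!initialised, "Launcher: already initialised");
        require(_token1 != address(0) && _token2 != address(0), "Launcher: zero token address");
        require(IERC20Decimals(_token1).decimals() > 0, "Launcher: token1 has zero decimals");
        require(IERC20Decimals(_token2).decimals() > 0, "Launcher: token2 has zero decimals");
        token1 = _token1;
        token2 = _token2;
        initialised = true;
    }
}
```

The `require` calls sit at the top of each function so that a bad argument reverts before any state change; that is the gas argument the report makes, and it also keeps a UI-level check (as the judge's comment suggests) from being the only thing standing between a user and a stuck commitment.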