code-423n4 / 2021-09-sushitrident-findings


Missing zero-address checks #52

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

Zero-address checks for input validation of address-type variables are a best practice. While this is implemented in most places, there are 1-2 missing ones.

Proof of Concept

https://github.com/sushiswap/trident/blob/6bd4c053b6213ffc612987eb565aa3813d5f0d13/contracts/TridentRouter.sol#L33

Missing zero-address check here, unless the intention is also to capture a renounce/burn functionality, in which case a separate renounceMigrator() would be better to separate the concerns: https://github.com/sushiswap/trident/blob/6bd4c053b6213ffc612987eb565aa3813d5f0d13/contracts/deployer/MasterDeployer.sol#L66

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add zero-address check.
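
The pattern recommended above, as an added example that is not part of the original report and is not the Trident source: the setter rejects `address(0)`, and clearing the role goes through a separate `renounceMigrator()`. The contract name, `setMigrator`, the `owner` field, the errors and the events are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Illustrative contract with hypothetical names; not the Trident MasterDeployer.
contract MigratorRegistry {
    address public immutable owner;
    address public migrator;

    error ZeroAddress();
    error NotOwner();

    event MigratorSet(address indexed previous, address indexed current);
    event MigratorRenounced(address indexed previous);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address _owner, address _migrator) {
        // Validate constructor arguments too: a zero owner would leave
        // every onlyOwner function permanently uncallable.
        if (_owner == address(0) || _migrator == address(0)) revert ZeroAddress();
        owner = _owner;
        migrator = _migrator;
    }

    /// Setter rejects address(0), so an omitted or mis-encoded argument
    /// reverts instead of silently clearing the role.
    function setMigrator(address _migrator) external onlyOwner {
        if (_migrator == address(0)) revert ZeroAddress();
        emit MigratorSet(migrator, _migrator);
        migrator = _migrator;
    }

    /// Clearing the role is a separate, explicit call with its own event,
    /// so an intentional renounce is distinguishable from a mistake on-chain.
    function renounceMigrator() external onlyOwner {
        emit MigratorRenounced(migrator);
        migrator = address(0);
    }
}
```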

maxsam4 commented 2 years ago

Acceptable risk