Missing parameter validation

[code423n4]

Handle

cmichel

Vulnerability details

Some parameters of functions are not checked for invalid values:

• PairFactory.constructor: check token addresses are not zero
• LPTokenMaster.initialize: check token addresses are not zero
• UniswapV3Oracle.constructor: check token addresses are not zero
• InterestRateModel.constructor: check lowRate <= highRate

Impact

A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.

Recommended Mitigation Steps

Validate the parameters.

[talegift]

PairFactory.constructor - already checked https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/PairFactory.sol#L52

LPTokenMaster.initialize - not required, it would only consume gas for no reason, it's set in the code by the LendingPair._createLpToken

The rest will be addressed in other reports.

Also:

As per the pre the judge's comment on the same issue from the previous audit.

This requires user error so non-critical.

https://github.com/code-423n4/2021-07-wildcredit-findings/issues/108#issuecomment-890587742

[ghoul-sol]

best practices, non-critical