Open code423n4 opened 3 years ago
Handle
0xRajeev
Vulnerability details
Impact
The zero-address checks in LendingPair's initialize() are redundant if the only expected flow is from the PairFactory contract, which would also have performed the same check before the call to this function.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L83
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/PairFactory.sol#L52
Tools Used
Manual Analysis
Recommended Mitigation Steps
Evaluate flow and remove one of the two checks.