code-423n4 / 2021-10-tempus-findings


Missing parameter validation #19

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

Some parameters of functions are not checked for invalid values:

Impact

Wrong user input or wallets defaulting to the zero address for a missing input can lead to the contract needing to be redeployed or to wasted gas.

Recommended Mitigation Steps

Validate the parameters.

mijovic commented 2 years ago

We have a check require(maturity > block.timestamp, "maturityTime is after startTime"); and startTime is set to block.timestamp. One of the missing checks is added in https://github.com/tempus-finance/tempus-protocol/pull/364. In general, there are two issues that reported more or less the same thing, just in a more specific way (not sure if we consider this one a duplicate or a wrong submission, because the example for the maturity check is not valid).

The issues that are reporting similar things:
https://github.com/code-423n4/2021-10-tempus-findings/issues/6
https://github.com/code-423n4/2021-10-tempus-findings/issues/12

In addition to this, I disagree that the severity is 1; it should be 0.

0xean commented 2 years ago

Closing this specific issue as invalid, as the recommendation from the warden is in effect already in place.