Closed code423n4 closed 2 years ago
We have a check require(maturity > block.timestamp, "maturityTime is after startTime");
and startTime is set to block.timestamp
. One of the missing checks is added https://github.com/tempus-finance/tempus-protocol/pull/364
In general there are two issues that reported more or less the same thing, just in more specific way (not sure if we consider this one as duplicate or wrong submission because example for maturity check is not valid).
The issues that are reporting similar things: https://github.com/code-423n4/2021-10-tempus-findings/issues/6 https://github.com/code-423n4/2021-10-tempus-findings/issues/12
In addition to this, I disagree that severity is 1, it should be 0.
closing this specific issue as invalid as the recommendation from the warden is in effect already in place.
Handle
cmichel
Vulnerability details
Some parameters of functions are not checked for invalid values:
TempusPool.constructor
: The parameters should be checked to be non-zero,maturityTime > startTime
Impact
Wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Recommended Mitigation Steps
Validate the parameters.