Open code423n4 opened 2 years ago
Valid suggestion, smart contracts should always enforce the validations even when callers are trusted actors. Making this a primary issue as it contains the most examples.
This finding only refers to the constructors of the smart contracts. If a mistake is made during the deployment, then we can just re-deploy that one. Also, as per #17 & #53, risk level should be lowered to zero.
I understand your point but I am trying to make a fair decision based on previous experiences. However, I see that in previous contests similar issues were assigned a severity of either low or non-critical with no consistency. Because the sponsor understands the risk and states it is not that relevant in this case, I am lowering the severity to 0.
Handle
cmichel
Vulnerability details
Some parameters of functions are not checked for non-zero values:
FairSideConviction.constructor: _fsd
SignatureWhitelist.constructor: signer: It's very important that this is not the zero address, otherwise all signatures verify in_whitelist
FSDVesting.constructor: _token, _factory, _dao, _fairSideConviction
FSDVestingFactory.constructor: _token
FairSideDAO.constructor: _timelock, _FSD, _guardian
FSDNetwork.constructor: _fsd, fundingPool, governance, timelock
FSD.constructor: _fundingPool, whitelistSigner, _timelock
Impact
Wrong user input or wallets defaulting to the zero address for a missing input can lead to the contract needing to be redeployed or wasted gas.
Recommended Mitigation Steps
Validate the parameters.
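
The recommended validation, sketched for the signer case as an added example (not code from the finding or from the FairSide contracts). It assumes the whitelist check compares an `ecrecover` result against the stored signer; the contract name, function name and message format are hypothetical. `ecrecover` returns `address(0)` when it cannot recover a signer, which is why a zero signer would match every malformed signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names and message format are hypothetical,
// not the project's actual SignatureWhitelist code.
contract SignatureWhitelistExample {
    address public immutable signer;

    constructor(address _signer) {
        // Fail the deployment instead of creating a whitelist whose
        // signer is the zero address.
        require(_signer != address(0), "signer is zero address");
        signer = _signer;
    }

    // Returns true only if `sig` is a 65-byte signature by `signer`
    // over a digest binding `user` to this contract.
    function isWhitelisted(address user, bytes memory sig)
        public
        view
        returns (bool)
    {
        if (sig.length != 65) return false;

        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }

        bytes32 digest = keccak256(
            abi.encodePacked(
                "\x19Ethereum Signed Message:\n32",
                keccak256(abi.encodePacked(address(this), user))
            )
        );

        // ecrecover yields address(0) for a signature it cannot recover.
        address recovered = ecrecover(digest, v, r, s);
        // Second line of defence: never accept the failure value.
        return recovered != address(0) && recovered == signer;
    }
}
```

The same `require(x != address(0), ...)` pattern applies to each constructor parameter listed above.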