YunChe404
commented
2 years ago Open code423n4 opened 2 years ago
YunChe404
commented
2 years ago 
pauliax
commented
2 years ago Valid suggestion, smart contracts should always enforce the validations even when callers are trusted actors. Making this a primary issue as it contains the most examples.
YunChe404
commented
2 years ago This finding only refers to the constructors of the smart contracts. If a mistake is made during the deployment, then we can just re-deploy that one. Also, as per #17 & #53 , risk level should be lowered to zero.
pauliax
commented
2 years ago I understand your point but I am trying to make a fair decision based on previous experiences. However, I see that in previous contests similar issues were assigned a severity of either low or non-critical with no consistency. Because the sponsor understands the risk and states it is not that relevant in this case, I am lowering the severity to 0.
Handle
cmichel
Vulnerability details
Some parameters of functions are not checked for non-zero values:
FairSideConviction.constructor: _fsdSignatureWhitelist.constructor: signer: It's very important that this is not the zero address, otherwise all signatures verify in_whitelistFSDVesting.constructor: _token, _factory, _dao, _fairSideConvictionFSDVestingFactory.constructor: _tokenFairSideDAO.constructor: _timelock, _FSD, _guardianFSDNetwork.constructor: _fsd, fundingPool, governance, timelockFSD.constructor: _fundingPool, whitelistSigner, _timelockImpact
Wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.
Recommended Mitigation Steps
Validate the parameters.