julien51
commented
2 years ago I am not sure that checking for 0x0 make any real benefit because the user could still pass a non-existing address and we'd still have the same issue?
Open code423n4 opened 3 years ago
julien51
commented
2 years ago I am not sure that checking for 0x0 make any real benefit because the user could still pass a non-existing address and we'd still have the same issue?
0xleastwood
commented
2 years ago Marking as non-critical as there are no direct security implications.
Handle
BouSalman
Vulnerability details
Vulnerability description
the function initialize on the smart contract PublicLock is accepting the argument _lockCreator and pass it to the function _initializeMixinLockCore on the smart contract MixinLockCore. However No checking of zero address is done there.
Impact
loss of benefits
Proof of Concept
https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/PublicLock.sol#L54 https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/mixins/MixinLockCore.sol#L99
Tools Used
manual code review
Recommended Mitigation Steps
check for zero address on function require(_beneficiary != address(0), "invalid address");