code-423n4 / 2021-12-sublime-findings


Not verified function inputs of public / external functions #30

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

robee

Vulnerability details

Unverified address arguments of external/public functions are a low-risk issue. It's less severe for onlyOwner methods, but for any other method it's crucial since the default address is 0. This is a full list of such appearances in the code base:

    Argument _defaultStrategy of CreditLine.initialize is not verified to be != 0
    Argument _priceOracle of CreditLine.initialize is not verified to be != 0
    Argument _savingsAccount of CreditLine.initialize is not verified to be != 0
    Argument _strategyRegistry of CreditLine.initialize is not verified to be != 0
    Argument _owner of CreditLine.initialize is not verified to be != 0
    Argument _protocolFeeCollector of CreditLine.initialize is not verified to be != 0
    Argument _defaultStrategy of CreditLine.updateDefaultStrategy is not verified to be != 0
    Argument _priceOracle of CreditLine.updatePriceOracle is not verified to be != 0
    Argument _savingsAccount of CreditLine.updateSavingsAccount is not verified to be != 0
    Argument _protocolFeeCollector of CreditLine.updateProtocolFeeCollector is not verified to be != 0
    Argument _strategyRegistry of CreditLine.updateStrategyRegistry is not verified to be != 0
    Argument _requestTo of CreditLine.request is not verified to be != 0
    Argument _borrowAsset of CreditLine.request is not verified to be != 0
    Argument _collateralAsset of CreditLine.request is not verified to be != 0
    Argument _strategy of CreditLine.depositCollateral is not verified to be != 0
    Argument _to of Token.mint is not verified to be != 0
    Argument address of Controller.convert is not verified to be != 0
    Argument fromToken of Controller.getExpectedReturn is not verified to be != 0
    Argument destToken of Controller.getExpectedReturn is not verified to be != 0
    Argument fromToken of Controller.getExpectedReturn is not verified to be != 0
    Argument destToken of Controller.getExpectedReturn is not verified to be != 0
    Argument _rewards of Controller.setRewards is not verified to be != 0
    Argument _strategist of Controller.setStrategist is not verified to be != 0
    Argument _onesplit of Controller.setOneSplit is not verified to be != 0
    Argument _governance of Controller.setGovernance is not verified to be != 0
    Argument _token of Controller.setVault is not verified to be != 0
    Argument _vault of Controller.setVault is not verified to be != 0
    Argument _token of Controller.approveStrategy is not verified to be != 0
    Argument _strategy of Controller.approveStrategy is not verified to be != 0
    Argument _token of Controller.revokeStrategy is not verified to be != 0
    Argument _strategy of Controller.revokeStrategy is not verified to be != 0
    Argument _input of Controller.setConverter is not verified to be != 0
    Argument _output of Controller.setConverter is not verified to be != 0
    Argument _converter of Controller.setConverter is not verified to be != 0
    Argument _token of Controller.setStrategy is not verified to be != 0
    Argument _strategy of Controller.setStrategy is not verified to be != 0
    Argument _token of Controller.earn is not verified to be != 0
    Argument _token of Controller.balanceOf is not verified to be != 0
    Argument _token of Controller.withdrawAll is not verified to be != 0
    Argument _token of Controller.inCaseTokensGetStuck is not verified to be != 0
    Argument _strategy of Controller.inCaseStrategyTokenGetStuck is not verified to be != 0
    Argument _token of Controller.inCaseStrategyTokenGetStuck is not verified to be != 0
    Argument _strategy of Controller.getExpectedReturn is not verified to be != 0
    Argument _token of Controller.getExpectedReturn is not verified to be != 0
    Argument _strategy of Controller.yearn is not verified to be != 0
    Argument _token of Controller.yearn is not verified to be != 0
    Argument _token of Controller.withdraw is not verified to be != 0
    Argument account of yVault.balanceOf is not verified to be != 0
    Argument recipient of yVault.transfer is not verified to be != 0
    Argument owner of yVault.allowance is not verified to be != 0
    Argument spender of yVault.allowance is not verified to be != 0
    Argument spender of yVault.approve is not verified to be != 0
    Argument sender of yVault.transferFrom is not verified to be != 0
    Argument recipient of yVault.transferFrom is not verified to be != 0
    Argument spender of yVault.increaseAllowance is not verified to be != 0
    Argument spender of yVault.decreaseAllowance is not verified to be != 0
    Argument _governance of yVault.setGovernance is not verified to be != 0
    Argument _controller of yVault.setController is not verified to be != 0
    Argument reserve of yVault.harvest is not verified to be != 0
    Argument _poolFactory of Extension.initialize is not verified to be != 0
    Argument _pool of Extension.requestExtension is not verified to be != 0
    Argument _from of Extension.removeVotes is not verified to be != 0
    Argument _to of Extension.removeVotes is not verified to be != 0
    Argument _pool of Extension.voteOnExtension is not verified to be != 0
    Argument _poolFactory of Extension.updatePoolFactory is not verified to be != 0
    Argument _borrower of Pool.initialize is not verified to be != 0
    Argument _borrowAsset of Pool.initialize is not verified to be != 0
    Argument _collateralAsset of Pool.initialize is not verified to be != 0
    Argument _poolSavingsStrategy of Pool.initialize is not verified to be != 0
    Argument _lenderVerifier of Pool.initialize is not verified to be != 0
    Argument _lender of Pool.addCollateralInMarginCall is not verified to be != 0
    Argument _lender of Pool.lend is not verified to be != 0
    Argument _strategy of Pool.lend is not verified to be != 0
    Argument _lender of Pool.getCurrentCollateralRatio is not verified to be != 0
    Argument _lender of Pool.liquidateForLender is not verified to be != 0
    Argument _priceOracle of Pool.correspondingBorrowTokens is not verified to be != 0
    Argument _lender of Pool.calculateRepaymentWithdrawable is not verified to be != 0
    Argument _lender of Pool.getMarginCallEndTime is not verified to be != 0
    Argument _lender of Pool.getBalanceDetails is not verified to be != 0
    Argument _source of Pool.getEquivalentTokens is not verified to be != 0
    Argument _target of Pool.getEquivalentTokens is not verified to be != 0
    Argument _admin of PoolFactory.initialize is not verified to be != 0
    Argument _protocolFeeCollector of PoolFactory.initialize is not verified to be != 0
    Argument _noStrategy of PoolFactory.initialize is not verified to be != 0
    Argument _poolImpl of PoolFactory.setImplementations is not verified to be != 0
    Argument _repaymentImpl of PoolFactory.setImplementations is not verified to be != 0
    Argument _userRegistry of PoolFactory.setImplementations is not verified to be != 0
    Argument _strategyRegistry of PoolFactory.setImplementations is not verified to be != 0
    Argument _priceOracle of PoolFactory.setImplementations is not verified to be != 0
    Argument _savingsAccount of PoolFactory.setImplementations is not verified to be != 0
    Argument _extension of PoolFactory.setImplementations is not verified to be != 0
    Argument _borrowToken of PoolFactory.createPool is not verified to be != 0
    Argument _collateralToken of PoolFactory.createPool is not verified to be != 0
    Argument _poolSavingsStrategy of PoolFactory.createPool is not verified to be != 0
    Argument _verifier of PoolFactory.createPool is not verified to be != 0
    Argument _lenderVerifier of PoolFactory.createPool is not verified to be != 0
    Argument _borrowToken of PoolFactory.updateSupportedBorrowTokens is not verified to be != 0
    Argument _collateralToken of PoolFactory.updateSupportedCollateralTokens is not verified to be != 0
    Argument _poolLogic of PoolFactory.updatePoolLogic is not verified to be != 0
    Argument _userRegistry of PoolFactory.updateUserRegistry is not verified to be != 0
    Argument _strategyRegistry of PoolFactory.updateStrategyRegistry is not verified to be != 0
    Argument _repaymentImpl of PoolFactory.updateRepaymentImpl is not verified to be != 0
    Argument _noStrategy of PoolFactory.updateNoStrategy is not verified to be != 0
    Argument _priceOracle of PoolFactory.updatePriceoracle is not verified to be != 0
    Argument _extension of PoolFactory.updatedExtension is not verified to be != 0
    Argument _savingsAccount of PoolFactory.updateSavingsAccount is not verified to be != 0
    Argument _protocolFeeCollector of PoolFactory.updateProtocolFeeCollector is not verified to be != 0
    Argument @param of Repayments.initialize is not verified to be != 0
    Argument _poolFactory of Repayments.initialize is not verified to be != 0
    Argument _poolFactory of Repayments.updatePoolFactory is not verified to be != 0
    Argument lentAsset of Repayments.initializeRepayment is not verified to be != 0
    Argument _poolID of Repayments.getInterestPerSecond is not verified to be != 0
    Argument _admin of PriceOracle.initialize is not verified to be != 0
    Argument num of PriceOracle.getChainlinkLatestPrice is not verified to be != 0
    Argument den of PriceOracle.getChainlinkLatestPrice is not verified to be != 0
    Argument num of PriceOracle.getUniswapLatestPrice is not verified to be != 0
    Argument den of PriceOracle.getUniswapLatestPrice is not verified to be != 0
    Argument num of PriceOracle.getLatestPrice is not verified to be != 0
    Argument den of PriceOracle.getLatestPrice is not verified to be != 0
    Argument token1 of PriceOracle.doesFeedExist is not verified to be != 0
    Argument token2 of PriceOracle.doesFeedExist is not verified to be != 0
    Argument token of PriceOracle.setChainlinkFeedAddress is not verified to be != 0
    Argument priceOracle of PriceOracle.setChainlinkFeedAddress is not verified to be != 0
    Argument token1 of PriceOracle.setUniswapFeedAddress is not verified to be != 0
    Argument token2 of PriceOracle.setUniswapFeedAddress is not verified to be != 0
    Argument pool of PriceOracle.setUniswapFeedAddress is not verified to be != 0
    Argument _owner of SavingsAccount.initialize is not verified to be != 0
    Argument _strategyRegistry of SavingsAccount.initialize is not verified to be != 0
    Argument _creditLine of SavingsAccount.initialize is not verified to be != 0
    Argument _creditLine of SavingsAccount.updateCreditLine is not verified to be != 0
    Argument _strategyRegistry of SavingsAccount.updateStrategyRegistry is not verified to be != 0
    Argument _token of SavingsAccount.deposit is not verified to be != 0
    Argument _strategy of SavingsAccount.deposit is not verified to be != 0
    Argument _to of SavingsAccount.deposit is not verified to be != 0
    Argument _token of SavingsAccount.switchStrategy is not verified to be != 0
    Argument _currentStrategy of SavingsAccount.switchStrategy is not verified to be != 0
    Argument _newStrategy of SavingsAccount.switchStrategy is not verified to be != 0
    Argument _token of SavingsAccount.withdraw is not verified to be != 0
    Argument _strategy of SavingsAccount.withdraw is not verified to be != 0
    Argument payable of SavingsAccount.withdraw is not verified to be != 0
    Argument _token of SavingsAccount.withdrawFrom is not verified to be != 0
    Argument _strategy of SavingsAccount.withdrawFrom is not verified to be != 0
    Argument _from of SavingsAccount.withdrawFrom is not verified to be != 0
    Argument payable of SavingsAccount.withdrawFrom is not verified to be != 0
    Argument _token of SavingsAccount.withdrawAll is not verified to be != 0
    Argument _token of SavingsAccount.withdrawAll is not verified to be != 0
    Argument _strategy of SavingsAccount.withdrawAll is not verified to be != 0
    Argument _token of SavingsAccount.approve is not verified to be != 0
    Argument _to of SavingsAccount.approve is not verified to be != 0
    Argument _token of SavingsAccount.increaseAllowance is not verified to be != 0
    Argument _to of SavingsAccount.increaseAllowance is not verified to be != 0
    Argument _token of SavingsAccount.decreaseAllowance is not verified to be != 0
    Argument _to of SavingsAccount.decreaseAllowance is not verified to be != 0
    Argument _token of SavingsAccount.increaseAllowanceToCreditLine is not verified to be != 0
    Argument _from of SavingsAccount.increaseAllowanceToCreditLine is not verified to be != 0
    Argument _token of SavingsAccount.transfer is not verified to be != 0
    Argument _strategy of SavingsAccount.transfer is not verified to be != 0
    Argument _to of SavingsAccount.transfer is not verified to be != 0
    Argument _token of SavingsAccount.transferFrom is not verified to be != 0
    Argument _strategy of SavingsAccount.transferFrom is not verified to be != 0
    Argument _from of SavingsAccount.transferFrom is not verified to be != 0
    Argument _to of SavingsAccount.transferFrom is not verified to be != 0
    Argument _user of SavingsAccount.getTotalTokens is not verified to be != 0
    Argument _token of SavingsAccount.getTotalTokens is not verified to be != 0
    Argument _owner of AaveYield.initialize is not verified to be != 0
    Argument payable of AaveYield.initialize is not verified to be != 0
    Argument _wethGateway of AaveYield.initialize is not verified to be != 0
    Argument _protocolDataProvider of AaveYield.initialize is not verified to be != 0
    Argument _lendingPoolAddressesProvider of AaveYield.initialize is not verified to be != 0
    Argument asset of AaveYield.liquidityToken is not verified to be != 0
    Argument payable of AaveYield.updateSavingsAccount is not verified to be != 0
    Argument _wethGateway of AaveYield.updateAaveAddresses is not verified to be != 0
    Argument _protocolDataProvider of AaveYield.updateAaveAddresses is not verified to be != 0
    Argument _lendingPoolAddressesProvider of AaveYield.updateAaveAddresses is not verified to be != 0
    Argument _asset of AaveYield.emergencyWithdraw is not verified to be != 0
    Argument payable of AaveYield.emergencyWithdraw is not verified to be != 0
    Argument user of AaveYield.lockTokens is not verified to be != 0
    Argument asset of AaveYield.lockTokens is not verified to be != 0
    Argument asset of AaveYield.unlockTokens is not verified to be != 0
    Argument asset of AaveYield.unlockShares is not verified to be != 0
    Argument asset of AaveYield.getTokensForShares is not verified to be != 0
    Argument asset of AaveYield.getSharesForTokens is not verified to be != 0
    Argument _owner of CompoundYield.initialize is not verified to be != 0
    Argument payable of CompoundYield.initialize is not verified to be != 0
    Argument payable of CompoundYield.updateSavingsAccount is not verified to be != 0
    Argument _asset of CompoundYield.updateProtocolAddresses is not verified to be != 0
    Argument _liquidityToken of CompoundYield.updateProtocolAddresses is not verified to be != 0
    Argument _asset of CompoundYield.emergencyWithdraw is not verified to be != 0
    Argument payable of CompoundYield.emergencyWithdraw is not verified to be != 0
    Argument user of CompoundYield.lockTokens is not verified to be != 0
    Argument asset of CompoundYield.lockTokens is not verified to be != 0
    Argument asset of CompoundYield.unlockTokens is not verified to be != 0
    Argument asset of CompoundYield.unlockShares is not verified to be != 0
    Argument asset of CompoundYield.getTokensForShares is not verified to be != 0
    Argument asset of CompoundYield.getSharesForTokens is not verified to be != 0
    Argument _owner of NoYield.initialize is not verified to be != 0
    Argument payable of NoYield.initialize is not verified to be != 0
    Argument _asset of NoYield.liquidityToken is not verified to be != 0
    Argument payable of NoYield.updateSavingsAccount is not verified to be != 0
    Argument _asset of NoYield.emergencyWithdraw is not verified to be != 0
    Argument payable of NoYield.emergencyWithdraw is not verified to be != 0
    Argument user of NoYield.lockTokens is not verified to be != 0
    Argument asset of NoYield.lockTokens is not verified to be != 0
    Argument asset of NoYield.unlockShares is not verified to be != 0
    Argument asset of NoYield.getTokensForShares is not verified to be != 0
    Argument asset of NoYield.getSharesForTokens is not verified to be != 0
    Argument _owner of StrategyRegistry.initialize is not verified to be != 0
    Argument _strategy of StrategyRegistry.addStrategy is not verified to be != 0
    Argument _oldStrategy of StrategyRegistry.updateStrategy is not verified to be != 0
    Argument _newStrategy of StrategyRegistry.updateStrategy is not verified to be != 0
    Argument _owner of YearnYield.initialize is not verified to be != 0
    Argument payable of YearnYield.initialize is not verified to be != 0
    Argument payable of YearnYield.updateSavingsAccount is not verified to be != 0
    Argument _asset of YearnYield.updateProtocolAddresses is not verified to be != 0
    Argument _liquidityToken of YearnYield.updateProtocolAddresses is not verified to be != 0
    Argument _asset of YearnYield.emergencyWithdraw is not verified to be != 0
    Argument payable of YearnYield.emergencyWithdraw is not verified to be != 0
    Argument user of YearnYield.lockTokens is not verified to be != 0
    Argument asset of YearnYield.lockTokens is not verified to be != 0
    Argument asset of YearnYield.unlockTokens is not verified to be != 0
    Argument asset of YearnYield.unlockShares is not verified to be != 0
    Argument asset of YearnYield.getTokensForShares is not verified to be != 0
    Argument asset of YearnYield.getSharesForTokens is not verified to be != 0
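
A check of the kind listed above can be sketched as a text heuristic. This is an added example, not part of the original report or the audited code base: the `Registry` contract, its functions and the helper names are constructed, and the scan only looks for a direct comparison with `address(0)` in the function body, so checks done in modifiers or helper functions are not seen.

```python
import re

# Constructed sample, not taken from the audited code base.
SAMPLE = """
contract Registry {
    address public owner;
    address payable public feeCollector;
    function initialize(address _owner, address payable _feeCollector) external {
        owner = _owner;
        feeCollector = _feeCollector;
    }
    function updateOwner(address _owner) external {
        require(_owner != address(0), "zero address");
        owner = _owner;
    }
    function _set(address _x) internal { owner = _x; }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
CONTRACT = re.compile(r"\bcontract\s+(\w+)")
ZERO = r"address\(0(?:x0+)?\)"

def body_at(src, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def address_params(param_list):
    """Names of address-typed parameters; 'address payable x' yields x."""
    split = ([t for t in p.split() if t != "payable"] for p in param_list.split(","))
    return [t[1] for t in split if len(t) == 2 and t[0] == "address"]

def unchecked_address_args(src):
    """Heuristic: external/public functions whose body never compares an address argument to address(0)."""
    findings = []
    contracts = [(m.start(), m.group(1)) for m in CONTRACT.finditer(src)]
    for m in FUNC.finditer(src):
        if not re.search(r"\b(external|public)\b", m.group(3)):
            continue  # internal/private functions are out of scope
        contract = [n for pos, n in contracts if pos < m.start()][-1:] or ["?"]
        body = body_at(src, m.end() - 1)
        for name in address_params(m.group(2)):
            n = re.escape(name)
            if not re.search(rf"\b{n}\s*[!=]=\s*{ZERO}|{ZERO}\s*[!=]=\s*{n}\b", body):
                findings.append(f"Argument {name} of {contract[0]}.{m.group(1)} is not verified to be != 0")
    return findings
```
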
ritik99 commented 2 years ago

Duplicate of #84

0xean commented 2 years ago

Not a duplicate of #84, which discusses validation of fee parameters. Reopening.