code-423n4 / 2022-01-livepeer-findings

Missing 0 address check #4

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

cccz

Vulnerability details

Impact

Missing 0 address check when setting address in contract

Proof of Concept

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/pool/DelegatorPool.sol#L48

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2LPTDataCache.sol#L30

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2LPTDataCache.sol#L38

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2LPTGateway.sol#L52

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2Migrator.sol#L86-L90

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2Migrator.sol#L101

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/gateway/L2Migrator.sol#L112

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L1/gateway/L1LPTDataCache.sol#L25-L26

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L1/gateway/L1LPTGateway.sol#L55

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L1/gateway/L1LPTGateway.sol#L64

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L1/gateway/L1Migrator.sol#L136-L141

https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/ControlledGateway.sol#L22-L23

Tools Used

Manual analysis

Recommended Mitigation Steps

Add 0 address check

yondonfu commented 2 years ago

Not planning on adding these checks because the caller/deployer will be responsible for providing the correct addresses and noting that even if there is a zero address check in the contract, the caller/deployer is still the only one that is aware of the correct address to use.

0xleastwood commented 2 years ago

This is not an issue, so marking as non-critical.
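
The maintainer's reply above leaves address correctness to the caller/deployer. One way to enforce that on the deployer side is a pre-flight check over the address parameters before any transaction is sent. This is an added example, not code from the Livepeer repository or from this thread; the function name, role names and addresses are constructed for illustration.

```javascript
// Deployer-side pre-flight validation of address parameters.
// Catches the zero address, malformed values, and one address reused
// for two roles (a common copy-paste mistake in deployment configs).
const ZERO_ADDRESS = "0x" + "0".repeat(40);
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Returns a list of problems; an empty list means the config passed.
function validateAddressConfig(config) {
  const problems = [];
  const seen = new Map(); // normalized address -> first role that used it

  for (const [role, value] of Object.entries(config)) {
    if (typeof value !== "string" || !ADDRESS_RE.test(value)) {
      problems.push(`${role}: not a 20-byte hex address`);
      continue;
    }
    const normalized = value.toLowerCase();
    if (normalized === ZERO_ADDRESS) {
      problems.push(`${role}: zero address`);
      continue;
    }
    if (seen.has(normalized)) {
      // Heuristic: distinct roles normally point at distinct contracts.
      problems.push(`${role}: same address as ${seen.get(normalized)}`);
    } else {
      seen.set(normalized, role);
    }
  }
  return problems;
}

// Constructed sample config (hypothetical role names, made-up addresses).
const sampleConfig = {
  l1Gateway: "0x1111111111111111111111111111111111111111",
  token: "0x0000000000000000000000000000000000000000",
  router: "0x1111111111111111111111111111111111111111",
  counterpart: "0x1234",
};

const sampleProblems = validateAddressConfig(sampleConfig);
if (sampleProblems.length > 0) {
  console.error("Refusing to deploy:\n  " + sampleProblems.join("\n  "));
}
```

A check like this rejects unset or malformed values but cannot tell whether a well-formed address is the intended one; that still requires comparing against the known deployment addresses.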