code-423n4 / 2022-01-openleverage-findings


Missing zero checks at multiple places #267

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0v3rf10w

Vulnerability details

Impact

Missing zero checks at multiple places

Proof of Concept

Adminable.setPendingAdmin(address).newPendingAdmin (contracts/Adminable.sol#27) lacks a zero-check on :
                - pendingAdmin = newPendingAdmin (contracts/Adminable.sol#31)
DexAggregatorDelegator.constructor(address,address,address,address).implementation_ (contracts/dex/DexAggregatorDelegator.sol#14) lacks a zero-check on :
                - implementation = implementation_ (contracts/dex/DexAggregatorDelegator.sol#22)
DexAggregatorDelegator.constructor(address,address,address,address).admin_ (contracts/dex/DexAggregatorDelegator.sol#13) lacks a zero-check on :
                - admin = admin_ (contracts/dex/DexAggregatorDelegator.sol#24)
DexAggregatorDelegator.setImplementation(address).implementation_ (contracts/dex/DexAggregatorDelegator.sol#31) lacks a zero-check on :
                - implementation = implementation_ (contracts/dex/DexAggregatorDelegator.sol#33)
XOLE.setDev(address).newDev (contracts/XOLE.sol#172) lacks a zero-check on :
                - dev = newDev (contracts/XOLE.sol#173)
XOLE.delegateBySigs(address,uint256[],uint256[],uint8[],bytes32[],bytes32[]).delegatee (contracts/XOLE.sol#360) lacks a zero-check on :
                - (success) = address(this).call(abi.encodeWithSelector(XOLE(address(this)).delegateBySig.selector,delegatee,nonce[i],expiry[i],v[i],r[i],s[i])) (contracts/XOLE.sol#363-365)
GovernorAlpha.constructor(address,address,address).guardian_ (contracts/gov/GovernorAlpha.sol#141) lacks a zero-check on :
                - guardian = guardian_ (contracts/gov/GovernorAlpha.sol#144)
Timelock.constructor(address,uint256).admin_ (contracts/gov/Timelock.sol#32) lacks a zero-check on :
                - admin = admin_ (contracts/gov/Timelock.sol#36)
Timelock.setPendingAdmin(address).pendingAdmin_ (contracts/gov/Timelock.sol#67) lacks a zero-check on :
                - pendingAdmin = pendingAdmin_ (contracts/gov/Timelock.sol#74)
Timelock.executeTransaction(address,uint256,string,bytes,uint256).target (contracts/gov/Timelock.sol#117) lacks a zero-check on :
                - (success,returnData) = target.call{value: value}(callData) (contracts/gov/Timelock.sol#137)

Recommended Mitigation Steps

Add respective checks

ColaM12 commented 2 years ago

Duplicate of #57