Lack of checks for data passed into onlyOwner functions

[code423n4]

Handle

UncleGrandpa925

Vulnerability details

Issue

Lack of checks for data passed into onlyOwner functions.

For example:

• No zero checks on setPenaltyCollector. This may lead to penalty being silently transferred to address zero in LaunchEvent.
• No zero checks on setRouter. This may lead to LaunchEvent's interaction with router (in createPool) to permanently revert, forcing emergency.
• Similarly, there are no bounds checks on setPhaseDuration, setPhaseOneNoFeeDuration & setRJoePerAvax, opening up the possibility of erroneous values being set in LaunchEvents, possibly causing these events to be aborted & tokens to be redeployed (since there can only be one LaunchEvent for one token).

In conclusion, the lack of checks for these important functions may seriously affect the launch of protocols.

Recommended Mitigation Steps

• Add more stringent checks to all onlyOwner functions

Note

Proposing this as Medium after reffering to a few past reports where there weren't sufficient checks for onlyOwner functions may disrupt the availability of the protocol. Considering the fact that the launch of any protocols is a very important event for them, these issues shouldn't happen.

[cryptofish7]

Duplicate of #263

[dmvt]

While this could impact availability and potential cause some small fund loss, the likelihood of it occurring is very low given that these are all admin level functions. I agree with the sponsor and other wardens who ranked this low risk.