code-423n4 / 2022-01-xdefi-findings


Missing 0-address checks in `proposeOwnership` #168

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

p4st13r4

Vulnerability details

Impact

A zero-address owner can be proposed, leading to a waste of gas.

Proof of Concept

```solidity
function proposeOwnership(address newOwner_) external onlyOwner {
    emit OwnershipProposed(owner, pendingOwner = newOwner_);
}
```

Tools Used

Editor

Recommended Mitigation Steps

Add a 0-address check in `proposeOwnership`.

deluca-mike commented 2 years ago

The whole point of the `proposeOwnership` and `acceptOwnership` pattern is that only accounts that can call `acceptOwnership` can become owners. Also, this would cost more gas for the happy path, not less. Further, our philosophy is that UX checks should be done on the client side.
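The two-step pattern discussed in this thread, as an added sketch that is not part of the original issue and is not the project's contract. Only `proposeOwnership` and the `OwnershipProposed` event appear on the page; the contract name `TwoStepOwnable`, the `acceptOwnership` body, the `OwnershipAccepted` event and the `Unauthorized` error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration, not the audited contract. Everything except
// proposeOwnership and OwnershipProposed is an assumed implementation.
contract TwoStepOwnable {
    address public owner;
    address public pendingOwner;

    event OwnershipProposed(address indexed owner, address indexed pendingOwner);
    event OwnershipAccepted(address indexed previousOwner, address indexed owner);

    error Unauthorized();

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Step 1, as quoted in the issue: no zero-address check.
    // proposeOwnership(address(0)) succeeds, but it only writes
    // pendingOwner; `owner` is left unchanged.
    function proposeOwnership(address newOwner_) external onlyOwner {
        emit OwnershipProposed(owner, pendingOwner = newOwner_);
    }

    // Step 2 (assumed body): ownership moves only when the proposed
    // account itself sends the transaction. No account can send a
    // transaction from address(0), so a zero-address proposal can
    // never be accepted and ownership cannot be lost that way.
    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert Unauthorized();
        emit OwnershipAccepted(owner, msg.sender);
        owner = msg.sender;
        pendingOwner = address(0);
    }
}
```

In this sketch a mistaken proposal is corrected by the current owner calling `proposeOwnership` again with the intended address, and a `require(newOwner_ != address(0))` in step 1 would add a comparison to every valid call as well.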