QA Report

[code423n4]

Lines of code

https://github.com/code-423n4/2022-02-concur/blob/72b5216bfeaa7c52983060ebfc56e72e0aa8e3b0/contracts/ConvexStakingWrapper.sol#L256

Vulnerability details

ConcurRewardPool.constructor(address)._notifier (contracts/ConcurRewardPool.sol#15) lacks a zero-check on :
        - rewardNotifier = _notifier (contracts/ConcurRewardPool.sol#16)
ConvexStakingWrapper.constructor(address,MasterChef)._treasury (contracts/ConvexStakingWrapper.sol#69) lacks a zero-check on :
        - treasury = _treasury (contracts/ConvexStakingWrapper.sol#70)
ConvexStakingWrapper.changeTreasury(address)._treasury (contracts/ConvexStakingWrapper.sol#82) lacks a zero-check on :
        - treasury = _treasury (contracts/ConvexStakingWrapper.sol#83)
StakingRewards.constructor(address,address,address,MasterChef)._rewardsDistribution (contracts/StakingRewards.sol#38) lacks a zero-check on :
        - rewardsDistribution = _rewardsDistribution (contracts/StakingRewards.sol#45)
StakingRewards.setRewardsDistribution(address)._rewardsDistribution (contracts/StakingRewards.sol#187) lacks a zero-check on :
        - rewardsDistribution = _rewardsDistribution (contracts/StakingRewards.sol#195)
USDMPegRecovery.constructor(uint256,address)._kpiOracle (contracts/USDMPegRecovery.sol#50) lacks a zero-check on :
        - kpiOracle = _kpiOracle (contracts/USDMPegRecovery.sol#57)
VoteProxy.execute(address,uint256,bytes)._to (contracts/VoteProxy.sol#29) lacks a zero-check on :
        - (success,result) = _to.call{value: _value}(_data) (contracts/VoteProxy.sol#33)

[GalloDaSballo]

Finding is valid but am downgrading to Low Severity which is in line with industry standard auditing firms

[JeeberC4]

Changing to QA Report as warden did not submit one and the judge has downgraded. Preserving original title: Missing zero checks

[GalloDaSballo]

Because the finding is fully automated am going to rate it at 0

Please consider doing the extra work of making your findings readable to human beings

[GalloDaSballo]

0