Accidentally setting the input parameter a to address(0) will lead to loosing control of the admin functionalities. In the event that this is accidentally set to address(0), no one then can change it again because only the admin(in this case address(0) ) can call this function which means no one. This is not good for the protocol because many important functions can only be called by the admin.
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L428-L432 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Marketplace/MarketPlace.sol#L53-L56 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L47-L50
Vulnerability details
Impact
Accidentally setting the input parameter
a
toaddress(0)
will lead to loosing control of the admin functionalities. In the event that this is accidentally set toaddress(0)
, no one then can change it again because only the admin(in this caseaddress(0)
) can call this function which means no one. This is not good for the protocol because many important functions can only be called by the admin.Proof of Concept
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L428-L432 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Marketplace/MarketPlace.sol#L53-L56 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L47-L50
Tools Used
VIm
Recommended Mitigation Steps
I suggest adding a require statement, for example:
require(a != address(0));