code-423n4 / 2022-09-party-findings


No Address zero check #352

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L94

Vulnerability details

Impact

The Global Variable is an immutable state variable that cannot be changed after deployment; wrongly setting the address can have a great effect on the performance of the protocol.

Proof of Concept

https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L94

Tools Used

Recommended Mitigation Steps

A proper check should be done on the address passed in the constructor to make sure address zero is not passed at the point of deployment. This will help to avoid spending extra deployment cost if address 0 is passed, as the Admin might want to correct the error by deploying another contract:

merklejerk commented 1 year ago

Not worth it imo. We could also easily accidentally set it to a non-zero address we don't control.

trust1995 commented 1 year ago

I also don't think this is valid.

HardlyDifficult commented 1 year ago

Seems valid, but NC since this is a constructor they could just deploy again to correct a mistake.

Converting into a QA report for the warden.

HardlyDifficult commented 1 year ago

Merging with https://github.com/code-423n4/2022-09-party-findings/issues/353
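
A constructor check of the kind the report recommends, as an added example that is not part of the original issue or of PartyDAO's code. `DistributorExample` and `IRegistry` are hypothetical names, and the code-length check is an assumption added here in response to the comment about non-zero addresses:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration. IRegistry and DistributorExample are hypothetical
// names, not contracts from the audited repository.
interface IRegistry {
    function getAddress(uint256 key) external view returns (address);
}

contract DistributorExample {
    error ZeroAddress();
    error NotAContract(address candidate);

    // Immutable: fixed at deployment, so a bad value can only be
    // corrected by deploying a new contract.
    IRegistry public immutable REGISTRY;

    constructor(IRegistry registry) {
        // The check the report asks for: reject the zero address.
        if (address(registry) == address(0)) revert ZeroAddress();

        // Narrows the objection raised in the thread: a non-zero address
        // with no deployed code (an EOA or a mistyped address) is rejected
        // too. A wrong but deployed contract still passes, so this does
        // not replace verifying the deployment parameters.
        if (address(registry).code.length == 0) {
            revert NotAContract(address(registry));
        }

        REGISTRY = registry;
    }
}
```

Both checks run once at deployment and add no cost to later calls, since the value is read from an immutable.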