Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/gateway/BridgeEscrow.sol#L20-L22 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59
User roles can being set to wrong values that block functionalities
Zero address should be checked for state variables, immutable variables. A zero address can lead into problems.
Check zero address before assigning or using it
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/gateway/BridgeEscrow.sol#L20-L22 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59
Vulnerability details
Missing checks for address(0x0) on setters can lead to problems
Impact
User roles can being set to wrong values that block functionalities
Summary
Zero address should be checked for state variables, immutable variables. A zero address can lead into problems.
Github Permalinks
https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/gateway/BridgeEscrow.sol#L20-L22 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59
Mitigation
Check zero address before assigning or using it