Missing checks on `initialize` affects getting `l2TokenAddress` and `_governance`

[code423n4]

Lines of code

https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/bridge/L1ERC20Bridge.sol#L79-L82

Vulnerability details

Missing checks on initialize affects getting l2TokenAddress and _governance

Summary

A wrong assigned address or zero address can lead into incorrect functioning.

PoC

• _governor and _l2TokenFactory not checked https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/bridge/L1ERC20Bridge.sol#L79-L82

      l2TokenFactory = _l2TokenFactory;
  
      bytes32 create2Salt = bytes32(0);
      bytes memory create2Input = abi.encode(address(this), l2ProxyTokenBytecodeHash, _governor);

  If wrongly assigned _l2TokenFactory, l2TokenAddress() will not work as expected affecting possibility of getting the l2 token address for a l1 deposit.

Also the _governor is used as function parameter without any check, and therefore, if a 0 address is used, _governor address role would be a lost role and all the functions valid only for _governor role will be blocked.

Mitigation

• Check zero address before assigning or using it
• Create a setter for assigning l2TokenFactory in case of error or track the deployment and logs for being able to redeploy without affecting the protocol reputation
• Consider using msg.sender for _governor address and then transfer it with a double step method as defined in Governance.sol contract

[c4-sponsor]

miladpiri marked the issue as disagree with severity

[miladpiri]

Missing zero address check or request for two-step critical address procedure should be at most QA severity!

[c4-sponsor]

miladpiri marked the issue as sponsor acknowledged

[c4-judge]

Duplicate of https://github.com/code-423n4/2022-10-zksync-findings/issues/351

[GalloDaSballo]

L

[GalloDaSballo]

Actually am just closing as over-inflated

[c4-judge]

GalloDaSballo marked the issue as grade-c