code-423n4 / 2022-11-stakehouse-findings


In GiantLP contract giant pool address is assigned without zero address check #135

Closed code423n4 closed 1 year ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-stakehouse/blob/4b6828e9c807f2f7c569e6d721ca1289f7cf7112/contracts/liquid-staking/GiantLP.sol#L19-L27

Vulnerability details

Impact

Without checking the giant pool address, it is possible to assign an inappropriate address to the pool.

Proof of Concept

```solidity
constructor(
    address _pool,
    address _transferHookProcessor,
    string memory _name,
    string memory _symbol
) ERC20(_name, _symbol) {
    pool = _pool;
    transferHookProcessor = ITransferHookProcessor(_transferHookProcessor);
}
```

We need to check the _pool parameter address before assigning it to pool; only if it is not a zero address should it be assigned:

```solidity
constructor(
    address _pool,
    address _transferHookProcessor,
    string memory _name,
    string memory _symbol
) ERC20(_name, _symbol) {
    require(_pool != address(0), "can't assign zero address to pool"); // _pool address check
    pool = _pool;
    transferHookProcessor = ITransferHookProcessor(_transferHookProcessor);
}
```

The pool address only holds the giant LP tokens. In this scenario the giant LP token can possibly be deployed with a zero address. If it is a zero address, we can't mint or burn the LP tokens, because only the pool address is allowed to access the mint and burn functions.

Manual Audit with vscode

Recommended Mitigation Steps

The pool address must be assigned only after a zero address check, i.e. _pool is not equal to address(0).
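A Foundry test, added here as an illustration and not part of the original report or the Stakehouse code base, that reproduces the failure mode described above on a stand-in token. The stand-in's onlyPool modifier is an assumption modelled on the report's description, and GiantLPStandIn, its checkZero switch (which lets one contract show both constructor variants) and the test names are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import "forge-std/Test.sol";

// Stand-in for GiantLP (assumed shape, not the project's code): only `pool`
// may mint, matching the report's point that the pool alone reaches mint/burn.
contract GiantLPStandIn {
    address public immutable pool;
    mapping(address => uint256) public balanceOf;

    constructor(address _pool, bool checkZero) {
        if (checkZero) require(_pool != address(0), "can't assign zero address to pool");
        pool = _pool;
    }

    modifier onlyPool() {
        require(msg.sender == pool, "only pool");
        _;
    }

    function mint(address to, uint256 amount) external onlyPool {
        balanceOf[to] += amount;
    }
}

contract GiantLPZeroPoolTest is Test {
    // Unchecked constructor: deployment succeeds with pool == address(0), but
    // no real caller can satisfy onlyPool afterwards, so mint is dead on arrival.
    function testZeroPoolMakesMintUnreachable() public {
        GiantLPStandIn lp = new GiantLPStandIn(address(0), false);
        assertEq(lp.pool(), address(0));
        vm.expectRevert(bytes("only pool"));
        lp.mint(address(this), 1 ether);
    }

    // Checked constructor: the misconfiguration is rejected at deploy time instead.
    function testZeroPoolRejectedAtDeploy() public {
        vm.expectRevert(bytes("can't assign zero address to pool"));
        new GiantLPStandIn(address(0), true);
    }

    // Sanity check with a constructed pool address: a valid pool can still mint.
    function testValidPoolCanMint() public {
        address poolAddr = makeAddr("giantPool");
        GiantLPStandIn lp = new GiantLPStandIn(poolAddr, true);
        vm.prank(poolAddr);
        lp.mint(address(this), 1 ether);
        assertEq(lp.balanceOf(address(this)), 1 ether);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test passes precisely because the unchecked deployment leaves the token with no caller that can ever mint.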

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Out of scope

dmvt commented 1 year ago

Zero address checks are considered QA.

dmvt commented 1 year ago

Hit the wrong button... should be "Overinflated Severity"