search

code-423n4 / 2023-03-zksync-findings

5 stars 1 forks source link

No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol #216

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-zksync//blob/main/contracts/DefaultAccount.sol#L141

Vulnerability details

Impact

The "to" address can be zero address while converting from uint256 to uint160.

Proof of Concept

// SPDX-License-Identifier: GPL-3.0

pragma solidity ^0.8.0;

contract Test {

uint256 public to = 2**160;

function check() external view {

    assert(address(uint160(to)) == address(0));
}

}

Tools Used

Remix ide

Recommended Mitigation Steps

Recommended to add (to != address(0));

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

Not possible because addresses are 20 bytes