Uninitialize variables resultTypeIdDelegate and resultDefaultDelegate

[code423n4]

Lines of code

https://github.com/code-423n4/2023-06-lukso/contracts/LSP0ERC725Account/LSP0ERC725AccountCore.sol#L466

Vulnerability details

Impact

Detailed description of the impact of this finding. Not initializing the variables resultTypeIdDelegate and resultDefaultDelegate to default values can potentially lead to unexpected behavior or bugs. When a variable is declared but not initialized, its initial value is the default value of its type. For bytes memory variables, the default value is an empty byte array (bytes memory resultTypeIdDelegate = "";).

In this work, the variables not being initialized, they will have an initial value of bytes memory(0), which represents an empty byte array. Depending on how these variables are used later in the code, this empty byte array may or may not cause issues.

If the uninitialized variables are used in a context where an empty byte array is a valid or expected value, then there may not be any immediate bugs. However, if they are used in a context where a specific value is expected or required, not initializing them could lead to unexpected behavior or errors which can lead to a denial of service. To ensure code correctness and avoid potential bugs, it's generally recommended to initialize variables with appropriate default values.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Manual auditing

Recommended Mitigation Steps

If the deployment cost is a concern, you could consider initializing them to a minimum default value that still fulfills the requirements of the code logic.

Assessed type

Error

[c4-pre-sort]

minhquanym marked the issue as low quality report

[c4-pre-sort]

minhquanym marked the issue as primary issue

[minhquanym]

Spam

[c4-judge]

trust1995 marked the issue as unsatisfactory: Invalid