search

code-423n4 / 2023-06-lukso-findings

3 stars 1 forks source link

lack of proper check on the address #6

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/Mocks/LSP20Owners/FallbackReturnMagicValue.sol#L30-L37

Vulnerability details

Impact

Detailed description of the impact of this finding. require statement needs to be added to prevent usage of a zero address

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function acceptOwnership(address newTarget) external { @audit target = newTarget; ILSP14Ownable2Step(target).acceptOwnership(); }

function transferOwnership(address newOwner) external { @audit
    ILSP14Ownable2Step(target).transferOwnership(newOwner);
}

Tools Used

vscode

Recommended Mitigation Steps

use require(address != 0)

Assessed type

Other

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

minhquanym commented 1 year ago

Inflated severity

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid