Closed c4-bot-4 closed 7 months ago
bytes032 marked the issue as insufficient quality report
The Warden specifies that input sanitization is missing from a constructor; these types of issues fall under the relevant SC verdict of reckless administrative mistakes and thus cannot constitute valid submissions except as part of a QA or Analysis report.
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/caretaker.cairo#L100
Vulnerability details
The constructor does not perform explicit validation to ensure that the addresses passed as parameters are not zero addresses. Here's the relevant code snippet for the constructor:
Mitigation
Add explicit validation to ensure that the addresses are not zero addresses. Here's an example of how the validation can be performed within the constructor:
Impact
The impact of not validating the addresses in the constructor is that the contract may be deployed with zero addresses, which can lead to unexpected behavior and potential security vulnerabilities. For example, a zero address for the admin parameter could result in a situation where the contract is not properly initialized with an admin address, compromising the access control mechanism.
Assessed type
Invalid Validation
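As an added illustration of the report's point (this is example code written for this page, not the warden's snippet and not the Opus project's caretaker.cairo), the two Starknet contract modules below show a constructor that stores its address parameters unchecked next to the hardened form that rejects the zero address before writing to storage. The module names, the storage layout, the second parameter name and the error strings are assumptions chosen for the example.

```cairo
// Added example, not code from the Opus repository. Module names, storage
// fields, parameter names and error strings are assumptions for illustration.

// Form described in the report: parameters are written to storage without
// validation, so a deployment that passes 0 for `admin` succeeds and leaves
// a contract whose admin-gated functions no caller can ever satisfy.
#[starknet::contract]
mod UncheckedCaretaker {
    use starknet::ContractAddress;

    #[storage]
    struct Storage {
        admin: ContractAddress,
        shrine: ContractAddress,
    }

    #[constructor]
    fn constructor(ref self: ContractState, admin: ContractAddress, shrine: ContractAddress) {
        // No check: a zero address is accepted silently.
        self.admin.write(admin);
        self.shrine.write(shrine);
    }
}

// Hardened form: the constructor asserts that every address parameter is
// non-zero. A failed assert reverts the deploy transaction, so the contract
// can never exist in the mis-initialized state the report describes.
#[starknet::contract]
mod CheckedCaretaker {
    use starknet::{ContractAddress, contract_address_const, get_caller_address};

    #[storage]
    struct Storage {
        admin: ContractAddress,
        shrine: ContractAddress,
    }

    #[constructor]
    fn constructor(ref self: ContractState, admin: ContractAddress, shrine: ContractAddress) {
        // Reject the zero address for each parameter before any storage write.
        // Short-string error literals must stay within 31 characters.
        let zero: ContractAddress = contract_address_const::<0>();
        assert(admin != zero, 'CA: Zero admin address');
        assert(shrine != zero, 'CA: Zero shrine address');

        self.admin.write(admin);
        self.shrine.write(shrine);
    }

    // Access-control check the report refers to: with a zero admin in storage
    // this assert could never pass, because no caller address equals zero.
    fn assert_admin(self: @ContractState) {
        assert(get_caller_address() == self.admin.read(), 'CA: Caller is not admin');
    }
}
```

The check costs a single comparison per parameter at deployment time and turns a silent misconfiguration into a reverted deploy, which is the cheapest place to catch it: once a zero admin is in storage, `assert_admin` has no path to succeed and the contract would need redeployment.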