search

code-423n4 / 2024-07-karak-validation

0 stars 0 forks source link

not zero implementation will revert in "validateVaultConfigs" #356

Closed c4-bot-10 closed 2 months ago

c4-bot-10 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-karak/blob/main/src/entities/CoreLib.sol#L81

Vulnerability details

Impact

Detailed description of the impact of this finding. if implementation == address(0) then it will not revert but if implementation is not zero then it will revert.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

function validateVaultConfigs(Storage storage self, VaultLib.Config[] calldata vaultConfigs, address implementation) public view { @> if (!(implementation == address(0) || isVaultImplAllowlisted(self, implementation))) { revert VaultImplNotAllowlisted(); } for (uint256 i = 0; i < vaultConfigs.length; i++) { if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted(); } }

Tools Used

Recommended Mitigation Steps

if (!(implementation != address(0) || isVaultImplAllowlisted(self, implementation))) { revert VaultImplNotAllowlisted(); } for (uint256 i = 0; i < vaultConfigs.length; i++) { if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted(

Assessed type

Context