Detailed description of the impact of this finding.
if implementation == address(0) then it will not revert but if implementation is not zero then it will revert.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
function validateVaultConfigs(Storage storage self, VaultLib.Config[] calldata vaultConfigs, address implementation)
public
view
{
@> if (!(implementation == address(0) || isVaultImplAllowlisted(self, implementation))) {
revert VaultImplNotAllowlisted();
}
for (uint256 i = 0; i < vaultConfigs.length; i++) {
if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted();
}
}
Tools Used
Recommended Mitigation Steps
if (!(implementation != address(0) || isVaultImplAllowlisted(self, implementation))) {
revert VaultImplNotAllowlisted();
}
for (uint256 i = 0; i < vaultConfigs.length; i++) {
if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted(
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/main/src/entities/CoreLib.sol#L81
Vulnerability details
Impact
Detailed description of the impact of this finding. if implementation == address(0) then it will not revert but if implementation is not zero then it will revert.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
function validateVaultConfigs(Storage storage self, VaultLib.Config[] calldata vaultConfigs, address implementation) public view { @> if (!(implementation == address(0) || isVaultImplAllowlisted(self, implementation))) { revert VaultImplNotAllowlisted(); } for (uint256 i = 0; i < vaultConfigs.length; i++) { if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted(); } }
Tools Used
Recommended Mitigation Steps
if (!(implementation != address(0) || isVaultImplAllowlisted(self, implementation))) { revert VaultImplNotAllowlisted(); } for (uint256 i = 0; i < vaultConfigs.length; i++) { if (self.assetSlashingHandlers[vaultConfigs[i].asset] == address(0)) revert AssetNotAllowlisted(
Assessed type
Context