code-423n4 / 2024-10-ronin-findings


Lack of `address(0)` in the `KatanaGovernance::_setFactory` function #55

Closed howlbot-integration[bot] closed 4 weeks ago

howlbot-integration[bot] commented 4 weeks ago

Lines of code

https://github.com/ronin-chain/katana-operation-contracts/blob/27f9d28e00958bf3494fa405a8a5acdcd5ecdc5d/src/governance/KatanaGovernance.sol#L340

Vulnerability details

Proof of Concept

The `KatanaGovernance::_setFactory` function is used to change the value of `_v2Factory` but depending on the current implementation, this variable can take on an `address(0)` which is an invalid address. If `_v2Factory` is `address(0)` or is not defined correctly, calling the `KatanaGovernance::createPair` function will always fail and we will get other unexpected behaviour.

    function _setFactory(address factory) private {
        // @audit lack of address(0) check
        _v2Factory = IKatanaV2Factory(factory);

        emit FactoryUpdated(_msgSender(), factory);
    }

Impact

DOS and unattended behaviour, as some functions will always fail due to an invalid address.

Recommended Mitigation Steps

    function _setFactory(address factory) private {
+       require(factory != address(0), "Invalid address!");
        _v2Factory = IKatanaV2Factory(factory);

        emit FactoryUpdated(_msgSender(), factory);
    }
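
Review bot: The added `require(factory != address(0), "Invalid address!");` at the top of `_setFactory` rejects only the zero address, so any non-zero address that has no contract deployed still passes and is stored in `_v2Factory`. That is the "not defined correctly" case the report itself names, and `createPair` would fail in the same way. If a guard is wanted here, a check that the target has code (for example `factory.code.length != 0`, where the compiler version supports it) placed before the assignment covers both cases. The report does not show who can reach this private setter, so the practical impact depends on the callers, which are outside the visible lines.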

Assessed type

Invalid Validation

c4-judge commented 3 weeks ago

alex-ppg marked the issue as unsatisfactory: Invalid