Attack Scenario
While sometimes it's the intention of the protocol to allow address(0) values for function parameters, in most cases it's risky to allow even accidentally passing the zero address. It's unwise to assume trusted users will not make this mistake.
Github username: @dappconsulting
Submission hash (on-chain): 0x4715dd84c9467516aa9f1e8d34064ab3ff75d0e172e9d838c64f2220219f6a12
Severity: low
Description:
https://github.com/Cvg-Finance/hats-audit/blob/b5bb4d8022a2c71e255b620f8d636caef0dec731/contracts/PresaleVesting/VestingCvg.sol#L115-L117
https://github.com/Cvg-Finance/hats-audit/blob/b5bb4d8022a2c71e255b620f8d636caef0dec731/contracts/PresaleVesting/VestingCvg.sol#L119-L121
https://github.com/Cvg-Finance/hats-audit/blob/b5bb4d8022a2c71e255b620f8d636caef0dec731/contracts/PresaleVesting/VestingCvg.sol#L123-L125
https://github.com/Cvg-Finance/hats-audit/blob/b5bb4d8022a2c71e255b620f8d636caef0dec731/contracts/PresaleVesting/VestingCvg.sol#L127-L129
https://github.com/Cvg-Finance/hats-audit/blob/b5bb4d8022a2c71e255b620f8d636caef0dec731/contracts/PresaleVesting/VestingCvg.sol#L131-L133
Functions with missing address(0) checks: setCvg(), setPresale(), setPresaleSeed(), setWhitelistTeam(), setWhitelistDao()
Recommendation:
Simple require check: require(someAddress != address(0));
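One way to apply the recommended check to the five setters listed above, as an added sketch that is not the project's code. The storage variable names, the `address` parameter types and the minimal owner check are assumptions; if the real setters take interface-typed parameters, pass `address(param)` to the modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration only; not the VestingCvg source.
/// Storage names, the owner check and the parameter types are assumptions.
contract VestingSettersSketch {
    error ZeroAddress();
    error NotOwner();

    address public owner;
    address public cvg;
    address public presale;
    address public presaleSeed;
    address public whitelistTeam;
    address public whitelistDao;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Reverts before any storage write when the argument is address(0),
    /// so a mistaken call cannot overwrite a working address with zero.
    modifier nonZero(address account) {
        if (account == address(0)) revert ZeroAddress();
        _;
    }

    function setCvg(address newCvg) external onlyOwner nonZero(newCvg) {
        cvg = newCvg;
    }

    function setPresale(address newPresale) external onlyOwner nonZero(newPresale) {
        presale = newPresale;
    }

    function setPresaleSeed(address newSeed) external onlyOwner nonZero(newSeed) {
        presaleSeed = newSeed;
    }

    function setWhitelistTeam(address newTeam) external onlyOwner nonZero(newTeam) {
        whitelistTeam = newTeam;
    }

    function setWhitelistDao(address newDao) external onlyOwner nonZero(newDao) {
        whitelistDao = newDao;
    }
}
```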