search

hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f

0 stars 0 forks source link

Internal Bribe address can be set to the zero address #47

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @arialblack14 Twitter username: 0xl3xx Submission hash (on-chain): 0x26ba0477d833f21916a518320646b96ad8e81e89fd94c4e056e2a30227953177 Severity: low

Description: Description\ GaugeUpgradable.setInternalBribe() can be set to address(0). Although the function has a require statement to prevent this, instead of checking whether it is not zero it permits it:

function setInternalBribe(address _int) external onlyOwner {
        require(_int >= address(0), "zero"); // @audit should be _int > address(0)
        internal_bribe = _int;
    }

Attack Scenario\ Calling the above function with the address(0) or by mistake will lead to fees lost.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

BohdanHrytsak commented 4 months ago

Thank you for the submission.

This submission refers to the original Chronos & Thena code, as well as to a configuration error on the Owner's side, which all makes this an OOS issue