hats-finance / Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d

Aleph Zero bridge to Ethereum
Apache License 2.0

Lack of Validation for WETH9 Contract Address #61

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xeac00b5418f0c7188935d6e3f4c86185e6d26c193f5ee45ad0686663bb67b10f
Severity: minor

Description: In Most.sol, passing the wethAddress directly to the initialize function without any validation could potentially open up a security risk.

The function caller could provide an incorrect contract address as the _wethAddress parameter, leading to unintended behavior or potential loss of funds. The wethAddress is used by critical functions such as receive(), sendRequestNative(), and receiveRequest().

A better approach would be to validate the _wethAddress parameter to ensure that it is indeed the correct address of the WETH9 contract.

Using wethAddress = IWETH9(_wethAddress) is a good approach to validate the _wethAddress parameter and assign the correct WETH9 contract instance to the wethAddress state variable.

krzysztofziobro commented 4 months ago

From what I see, using IWETH9 doesn't provide any meaningful validation.

ololade97 commented 4 months ago

Having IWETH9 in there ensures the address provided contains the functions declared in the IWETH9 interface.

It would revert when the address provided doesn't contain functions in IWETH9.
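The cast discussed in this thread, next to an initializer that checks the address at runtime. This is an added example, not code from Most.sol or from any commenter; the contract names, the custom errors and the trimmed IWETH9 interface are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.20;

// Minimal interface for this sketch; the project's real IWETH9 may declare more.
interface IWETH9 {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
    function balanceOf(address owner) external view returns (uint256);
}

// Hypothetical contracts; initializer guards and access control are omitted.
contract CastOnly {
    IWETH9 public weth;

    // Converting an address to an interface type is a compile-time cast:
    // no code at the target is inspected or called, so any address is stored.
    function initialize(address _wethAddress) external {
        weth = IWETH9(_wethAddress);
    }
}

contract CheckedInit {
    IWETH9 public weth;

    error ZeroAddress();
    error NotAContract(address target);
    error NotWethLike(address target);

    function initialize(address _wethAddress) external {
        if (_wethAddress == address(0)) revert ZeroAddress();
        // Rejects EOAs and addresses with no deployed code.
        if (_wethAddress.code.length == 0) revert NotAContract(_wethAddress);
        // Probe one view function: a target that reverts is reported as
        // NotWethLike, and malformed return data reverts during decoding.
        try IWETH9(_wethAddress).balanceOf(address(this)) returns (uint256) {
            weth = IWETH9(_wethAddress);
        } catch {
            revert NotWethLike(_wethAddress);
        }
    }
}
```

With `CastOnly`, a wrong address only surfaces later, when a function such as `deposit()` is first called on it. The probe in `CheckedInit` confirms the shape of the target, not that it is the canonical WETH9 deployment for the chain.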