hats-finance / Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d

Aleph Zero bridge to Ethereum
Apache License 2.0

Missing zero address validation #67

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xace2ef33772849bc0849fc29f916d8485abf48976320f6e3dfd8c7818a4c78f3
Severity: low

Description: The address should be validated for a zero value before being assigned to a storage variable.

Attack Scenario: setting the zero address will brick the protocol's functioning.

Code Details

File: contracts/Most.sol

```
/// @audit ******************* Issue Detail *******************
Most.initialize(address[],uint256,address,address)._wethAddress (contracts/Most.sol#87) lacks a zero-check on :
    - wethAddress = _wethAddress (contracts/Most.sol#90)

/// @audit ************** Possible Issue Line(s) **************
    L#87,  L#90

/// @audit ****************** Affected Code *******************
  87:         address payable _wethAddress
  90:         wethAddress = _wethAddress;
```
File: contracts/Most.sol

```
/// @audit ******************* Issue Detail *******************
Most.recoverNative(address,uint256).to (contracts/Most.sol#293) lacks a zero-check on :
    - (success) = to.call{gas: GAS_LIMIT,value: amount}() (contracts/Most.sol#296)

/// @audit ************** Possible Issue Line(s) **************
    L#293,  L#296

/// @audit ****************** Affected Code *******************
 293:         address payable to,
 296:         (bool success, ) = to.call{value: amount, gas: GAS_LIMIT}("");
```

Attachments

  1. Proof of Concept (PoC) File
    • a call to sendRequestNative will fail if weth is set to the 0x00 address

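The two findings above come down to one pattern: an address parameter is stored (or paid out to) without first being compared against `address(0)`. The contract below is an added illustration written for this issue, not the Most contract's own code. It is a hypothetical, simplified stand-in that keeps only the two code paths the report names, `initialize()` storing `wethAddress` and `recoverNative()` sending native funds to a caller-supplied address, and shows the unchecked form beside the hardened one. `GAS_LIMIT` is the constant named in the report; its value here, the `IWETHLike` interface, the owner role and the function bodies are assumptions.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.20;

// Added illustration for the zero-address findings; not the Most contract.
// Everything except the names taken from the report (wethAddress,
// _wethAddress, recoverNative, to, GAS_LIMIT, sendRequestNative) is assumed.

interface IWETHLike {
    function deposit() external payable;
}

error ZeroAddress(string field);
error NotOwner();
error NativeTransferFailed();

contract ZeroCheckExample {
    // The report names GAS_LIMIT but not its value; 5000 is a placeholder.
    uint256 public constant GAS_LIMIT = 5000;

    address public owner;
    address payable public wethAddress;
    bool private initialized;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Pattern the report flags: _wethAddress is written to storage with no
    // zero-check. A misconfigured deployment stores address(0) and every
    // later call through wethAddress reverts.
    function initializeUnchecked(address payable _wethAddress) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = msg.sender;
        wethAddress = _wethAddress;
    }

    // Hardened form: reject the zero address before it reaches storage.
    function initialize(address payable _wethAddress) external {
        require(!initialized, "already initialized");
        if (_wethAddress == address(0)) revert ZeroAddress("_wethAddress");
        initialized = true;
        owner = msg.sender;
        wethAddress = _wethAddress;
    }

    // Mirrors the PoC note: wrapping native funds through wethAddress.
    // deposit() has no return value, so the compiler keeps its extcodesize
    // check on the target; with wethAddress == address(0) the call reverts,
    // which is what "brick the protocol functioning" refers to.
    function sendRequestNative() external payable {
        IWETHLike(wethAddress).deposit{value: msg.value}();
    }

    // Second finding: `to` is the recipient of a low-level call with no
    // zero-check. A low-level call to address(0) does not revert (it has no
    // code), so the funds would simply be sent to the zero address and lost.
    // The hardened version rejects address(0) up front and surfaces a failed
    // transfer instead of ignoring the success flag.
    function recoverNative(address payable to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress("to");
        (bool success, ) = to.call{value: amount, gas: GAS_LIMIT}("");
        if (!success) revert NativeTransferFailed();
    }

    receive() external payable {}
}
```

Calling `initializeUnchecked(payable(address(0)))` followed by `sendRequestNative{value: 1 ether}()` reverts on the WETH call, while `initialize(payable(address(0)))` reverts immediately with `ZeroAddress("_wethAddress")`, before any state is written. The same check on `to` in `recoverNative` turns a silent loss of funds into an explicit revert.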

krzysztofziobro commented 4 months ago

duplicate of https://github.com/hats-finance/Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d/issues/10