search

hats-finance / Paladin-0x1610bfde27e57b068af7f38aec3d2a7b1d146989

Smart contract for the Vote-Flywheel part of Paladin Tokenomics
Other
0 stars 1 forks source link

Missing address checks in Vyper contracts `__init__()` #28

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @0xfuje Twitter username: 0xfuje Submission hash (on-chain): 0xceb477d9a803d5890656cb33004e9e4f319a0375c842308dc7c2d6ea76a81389 Severity: low

Description:

Impact

Contracts have to be redeployed if one of the address remains zero upon __init__() calls

Description

While zero address checks in the solidity constructors are now implemented in commit PaladinFinance@d744db8. The Vyper __init__() functions still do not make any checks.

contracts/boost/DelegationProxy.vy - __init__()

@external
def __init__(_voting_escrow: address, _delegation: address, _o_admin: address, _e_admin: address):
    HOLY_PAL_POWER = _voting_escrow

    self.delegation = _delegation

    self.ownership_admin = _o_admin
    self.emergency_admin = _e_admin

    log DelegationSet(_delegation)

Recommendation

In order to prevent accidents and follow the same pattern, consider to implement zero address checks in the Vyper boost contracts's init functions as well: BoostV2.vy & DelegationProxy.vy.

Kogaroshi commented 4 months ago

duplicate of #1