hats-finance / Paladin-0x1610bfde27e57b068af7f38aec3d2a7b1d146989

Smart contract for the Vote-Flywheel part of Paladin Tokenomics

No check for zero address #4

Open hats-bug-reporter[bot] opened 9 months ago

hats-bug-reporter[bot] commented 9 months ago

Github username: --
Twitter username: 97Sabit
Submission hash (on-chain): 0x02358ab5914ffa1b43810fb21625c26269c0e77c12965c606bc517288cdf477d
Severity: low

Description:
There is no check for zero address in the addresses passed into the constructor.

1. Proof of Concept (PoC) File

https://github.com/PaladinFinance/Vote-Flywheel/blob/cf3c82f102a76f58acf003980c480eb9028f0e94/contracts/LootBudget.sol#L68-L83
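To see which constructors a finding like this one covers, a reviewer can scan the sources mechanically. The following is an added example, not code from this report or from the Paladin repository: a regex heuristic over a constructed Solidity sample with hypothetical contract names. It assumes parameters typed `address` and does not see checks made in parent constructors, modifiers or helper functions.

```python
import re

# Constructed sample source; contract and parameter names are hypothetical.
SAMPLE = """
contract BudgetUnchecked {
    address public token;
    address public manager;
    constructor(address _token, address _manager, uint256 _limit) {
        token = _token;
        manager = _manager;
    }
}
contract BudgetChecked {
    error AddressZero();
    address public token;
    constructor(address _token) {
        if (_token == address(0)) revert AddressZero();
        token = _token;
    }
}
"""

CONTRACT = re.compile(r"\bcontract\s+(\w+)[^{]*\{")
CTOR = re.compile(r"\bconstructor\s*\(([^)]*)\)[^{]*\{")
ADDR_PARAM = re.compile(r"^\s*address(?:\s+payable)?\s+(\w+)\s*$")

def block_body(src, start):
    """Return the brace-balanced block body that begins at index `start`."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def unchecked_ctor_addresses(src):
    """List (contract, param) pairs never compared with address(0) in the constructor."""
    findings = []
    for contract in CONTRACT.finditer(src):
        contract_body = block_body(src, contract.end())
        for ctor in CTOR.finditer(contract_body):
            ctor_body = block_body(contract_body, ctor.end())
            for param in ctor.group(1).split(","):
                m = ADDR_PARAM.match(param)
                if not m:
                    continue  # not an `address` parameter
                name = re.escape(m.group(1))
                pattern = rf"\b{name}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{name}\b"
                if not re.search(pattern, ctor_body):
                    findings.append((contract.group(1), m.group(1)))
    return findings
```

Each returned pair names a contract and a constructor parameter to review by hand; an empty list means only that this heuristic found nothing.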

Kogaroshi commented 9 months ago

Fixed in https://github.com/PaladinFinance/Vote-Flywheel/pull/2/commits/d744db87f2c1e82703560209ab71fff2bcb92db7

0xfuje commented 9 months ago

I think this should be a duplicate of #1

ololade97 commented 9 months ago

> I think this should be a duplicate of #1

How? The contracts you pointed out in #1 are different from this. Am I wrong?

0xfuje commented 9 months ago

> How? The contracts you pointed out in https://github.com/hats-finance/Paladin-0x1610bfde27e57b068af7f38aec3d2a7b1d146989/issues/1 are different from this. Am I wrong?

I think I was pretty clear in my submission that ALL constructors miss zero address checks

ololade97 commented 9 months ago

> > How? The contracts you pointed out in #1 are different from this. Am I wrong?

> I think I was pretty clear in my submission that ALL constructors miss zero address checks

That's a blanket statement. When you said ALL, why didn't you link to ALL in your report?

I also noticed you later included other contracts in the comment of your report, why didn't you include this too?

I could see you even gave this a thumbs down for no reason. It's high time you stop hunting for other people's reports to bring them down for personal gain.

0xfuje commented 9 months ago

> That's a blanket statement. When you said ALL, why didn't you link to ALL in your report?

I thought it was pretty self-explanatory

> It's high time you stop hunting for other people's reports to bring them down for personal gain.

Lol mate, chill out. I don't want to "bring other people's reports down for personal gain", what I care about is fair judging, and if someone submits a duplicate or invalid I might point that out in the comments, as can other people on my submission when it's lacking.

ololade97 commented 9 months ago

> > That's a blanket statement. When you said ALL, why didn't you link to ALL in your report?

> I thought it was pretty self-explanatory

> > It's high time you stop hunting for other people's reports to bring them down for personal gain.

> Lol mate, chill out. I don't want to "bring other people's reports down for personal gain", what I care about is fair judging, and if someone submits a duplicate or invalid I might point that out in the comments, as can other people on my submission when it's lacking.

If truly you care about fair judging, you wouldn't be claiming to have reported what you didn't report.

What does a duplicate mean?