hats-finance / Safe-0x2909fdefd24a1ced675cb1444918fa766d76bdac

A collection of modules that can be used with the Safe contract
GNU Lesser General Public License v3.0

Missing checks for `address(0)` when assigning values to address state variables #5

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xa6a3284659a5587ce0cf8e25c0a192477e4f6047474707d2241935f16754f2c3
Severity: low

Description:

Instances (1):

```solidity
File: SafeWebAuthnSignerProxy.sol

43:         _SINGLETON = singleton;
```

0xEricTee commented 1 week ago

A missing address zero check is considered a centralization risk.

nlordell commented 1 week ago

The proxy contract is not a general proxy and is documented to only be intended for use with the `SafeWebAuthnSignerFactory` and `SafeWebAuthnSignerSingleton`, which never calls the constructor with a 0 address.

Additionally, the check increases deployment costs, which we are optimizing for.