hats-finance / SafeStaking-by-HOPR-0x607386df18b663cf5ee9b879fbc1f32466ad5a85

HOPR is an open incentivized mixnet which enables privacy-preserving point-to-point data exchange. HOPR is similar to Tor but actually private, decentralized and economically sustainable.
https://hoprnet.org
GNU General Public License v3.0

Missing Zero Address Check #28

Open hats-bug-reporter[bot] opened 11 months ago

hats-bug-reporter[bot] commented 11 months ago

GitHub username: --

Submission hash (on-chain): 0x1ea5e7dc68fc256935962e08fa02d9a865328a999bcfd0be50463eb43c4123ae

Severity: low

Description:

This function lacks a zero address check in an important operation, which may cause some unexpected results.

Attack Scenario

contracts/bridge/Bridge.sol

    function setSequencerInbox(address _sequencerInbox) external onlyRollupOrOwner {
        sequencerInbox = _sequencerInbox;
        emit SequencerInboxUpdated(_sequencerInbox);
    }
    function setDelayedInbox(address inbox, bool enabled) external onlyRollupOrOwner {
        InOutInfo storage info = allowedDelayedInboxesMap[inbox];
        bool alreadyEnabled = info.allowed;
            delete allowedDelayedInboxesMap[inbox];
        }
    }

contracts/bridge/SequencerInbox.sol

    function setIsBatchPoster(address addr, bool isBatchPoster_) external onlyRollupOwner {
        isBatchPoster[addr] = isBatchPoster_;
        emit OwnerFunctionCalled(1);
    }
    function setIsSequencer(address addr, bool isSequencer_) external onlyRollupOwner {
        isSequencer[addr] = isSequencer_;
        emit OwnerFunctionCalled(4);
    }

Attachments

  1. Proof of Concept (PoC) File

The entered address is address(0)

  2. Revised Code File (Optional)

Add a zero address check in the important operation.
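An added example, not part of the submission or of the project's code: a heuristic Python check that lists functions in a Solidity source whose `address` parameters are never compared against `address(0)`. `SAMPLE` is constructed from two of the setters quoted above plus a hypothetical `setSequencerInboxChecked`; the helper names are assumptions, and the scan ignores comments, strings, modifiers and checks delegated to helper functions.

```python
import re

# Constructed sample: two setters quoted in the report plus a hypothetical checked variant.
SAMPLE = """
contract Example {
    function setSequencerInbox(address _sequencerInbox) external onlyRollupOrOwner {
        sequencerInbox = _sequencerInbox;
        emit SequencerInboxUpdated(_sequencerInbox);
    }
    function setIsSequencer(address addr, bool isSequencer_) external onlyRollupOwner {
        isSequencer[addr] = isSequencer_;
        emit OwnerFunctionCalled(4);
    }
    function setSequencerInboxChecked(address _sequencerInbox) external onlyRollupOrOwner {
        require(_sequencerInbox != address(0), "zero address");
        sequencerInbox = _sequencerInbox;
    }
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)")  # header up to end of parameters

def function_body(source, start):
    """Body text of the function whose header ends at `start`; None for a bodiless declaration."""
    open_idx, semi = source.find("{", start), source.find(";", start)
    if open_idx == -1 or (semi != -1 and semi < open_idx):
        return None
    depth = 0
    for i in range(open_idx, len(source)):
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        if depth == 0:
            return source[open_idx + 1:i]
    return source[open_idx + 1:]  # unbalanced braces: use what is there

def find_unchecked_address_params(source):
    """(function, parameter) pairs whose address parameter is never compared to address(0)."""
    findings = []
    for m in FUNC_RE.finditer(source):
        body = function_body(source, m.end())
        if body is None:
            continue
        for param in m.group(2).split(","):
            tokens = param.split()
            if len(tokens) < 2 or tokens[0] != "address":
                continue
            n = re.escape(tokens[-1])
            if not re.search(rf"\b{n}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{n}\b", body):
                findings.append((m.group(1), tokens[-1]))
    return findings

if __name__ == "__main__":
    for func, param in find_unchecked_address_params(SAMPLE):
        print(f"{func}: parameter {param} has no address(0) check")
```

Each result is a prompt for manual review of that setter, not a confirmed defect.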

QYuQianchen commented 11 months ago

Irrelevant submission