search

hats-finance / Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990

Dappnode's MEV Smoothing Pool
0 stars 2 forks source link

Missing checks for address(0x0) when updating address state variables #45

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @saidqayoumsadat Submission hash (on-chain): 0xd1fb4bc8c511cebae1c60963c1bf2ad21c027f5b9a0fdd1463c1b05fdf2ea4d2 Severity: low

Description: Description

file:  /contracts/DappnodeSmoothingPool.sol

547        pendingGovernance = newPendingGovernance;

https://github.com/hats-finance/Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L547

file: /contracts/DappnodeSmoothingPool.sol

209        poolFeeRecipient = _poolFeeRecipient;

https://github.com/hats-finance/Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L209

invocamanman commented 1 year ago

We don't think necessary to check the 0 address. The address submitted must be always right, so, just protecting from address 0 seems not good enough. Also this transaction should be submitted though probably a multisig and will be double checked.