Since on Oasis chain Initial msg.sender = address(0) when VaultBitcoinWallet is deployed msg.sender will actually be address(0) since it is not a contract.
Which meansfeeSetter = address(0)
Attack Scenario\
feeSetter will be address 0 and won't be able to benefit from his priviledged position.
Github username: @@giorgiodalla Twitter username: 0xAuditism Submission hash (on-chain): 0xc54847dda609ba6d6979d6e5d95f7725b16924b2f73b58a8281ba6b307975690 Severity: medium
Description: Description\
Since on Oasis chain
Initial msg.sender = address(0)
whenVaultBitcoinWallet
is deployedmsg.sender
will actually be address(0) since it is not a contract. Which meansfeeSetter = address(0)
Attack Scenario\
feeSetter will be address 0 and won't be able to benefit from his priviledged position.
Attachments We can see in the constructor :
Consider manually inputing the address of the desired feeSetter: