Github username: --
Twitter username: --
Submission hash (on-chain): 0xa49187ce3e44edb3c21ada8be3342dd2bda33dab56a3c3b43c5105743e0ece54
Severity: medium

Description:

Assigning values to address state variables without checking for address(0) in AbstractTxSerializerFactory.sol. In the init function, there is no check to ensure that the _creator address is not the zero address (address(0)). Setting allowedCreator, inputsStorage, and secretsStorage to address(0) can lead to undefined behavior and potential security risks.

Attachments

Proof of Concept (PoC) File

    function init(address _creator) public {
        // Only the designated initializer may call this, and only once.
        require(msg.sender == initializer && !isInitialized);
        isInitialized = true;
        // @> marks the assignments made without checking _creator against address(0)
        allowedCreator = _creator;                    // @>
        inputsStorage = ITxInputsStorage(_creator);   // @>
        secretsStorage = ITxSecretsStorage(_creator); // @>
    }

It is essential to validate the _creator address in the init function to prevent assignment of address(0) to critical contract variables. Implementing the recommended check will enhance the security and robustness of the contract.
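
One way to add the missing check to init, shown as an added example that is not the project's own code. The contract name, constructor, custom errors and event are assumptions, and the two interfaces are empty stand-ins because only their names appear in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Empty stand-ins (assumption): only the interface names appear in the report.
interface ITxInputsStorage {}
interface ITxSecretsStorage {}

// Hypothetical minimal contract; only the init() assignments mirror the reported code.
contract TxSerializerFactoryExample {
    error NotInitializer();
    error AlreadyInitialized();
    error ZeroCreator();

    event Initialized(address indexed creator);

    address public immutable initializer;
    bool public isInitialized;

    address public allowedCreator;
    ITxInputsStorage public inputsStorage;
    ITxSecretsStorage public secretsStorage;

    constructor() {
        // Assumption: the deployer is the account allowed to call init().
        initializer = msg.sender;
    }

    function init(address _creator) public {
        if (msg.sender != initializer) revert NotInitializer();
        if (isInitialized) revert AlreadyInitialized();
        // init() is one-shot: once isInitialized is true it cannot be called
        // again, so a zero _creator accepted here could never be replaced.
        if (_creator == address(0)) revert ZeroCreator();

        isInitialized = true;
        allowedCreator = _creator;
        inputsStorage = ITxInputsStorage(_creator);
        secretsStorage = ITxSecretsStorage(_creator);

        // Emit the chosen address so a wrong value is visible off-chain.
        emit Initialized(_creator);
    }
}
```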