hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


Missing checks for `address(0)` when assigning a value to the address prover in `MockDepositProcessor.sol`. #58

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x0d98d311e4bd1a6e5b03be0590bc1d5f589301e0ee681c7bfca175bb9e80ba51
Severity: low

Description:

It's considered best practice to implement zero address checks to prevent accidents. The contract would have to be redeployed if the 'prover' address is set to zero.

Attack Scenario:

The protocol deploys the 'MockDepositProcessor.sol' contract, passing address(0) as a parameter.

Attachments

  1. Proof of Concept (PoC) File

    constructor(address _prover) {
        prover = _prover;
    }

  2. Revised Code File (Optional)

Add this line of code to the constructor:

    require(_prover != address(0), "Invalid prover address");

    constructor(address _prover) {
        require(_prover != address(0), "Invalid prover address");
        prover = _prover;
    }

rotcivegaf commented 4 months ago

Mock contract