Add Hint for Zero Address Allocation

protofire / solhint

Solhint is an open-source project to provide a linting utility for Solidity code.

https://protofire.github.io/solhint/

MIT License

1.03k stars 160 forks source link

Add Hint for Zero Address Allocation #592

Open rajosch opened 1 month ago

rajosch commented 1 month ago

Context: Solidity developers often make the mistake of assigning or comparing addresses to the zero address (0x0000000000000000000000000000000000000000). This can lead to vulnerabilities and bugs in smart contracts.

Suggestion: Implement a new rule in Solhint to check for:

Assignments to the zero address.
Comparisons with the zero address.

Rationale: This check will help developers avoid common pitfalls and ensure better security and reliability in their smart contracts.

References:

RHO Incident

dbale-altoros commented 1 month ago

hello @rajosch thanks a lot for suggesting

to understand:

Assignments to the zero address: Are you referring to assign to a variable address(0) ? or what ?
Comparisons with the zero address. Is this what you mean ? if (userAddress == address(0)) or if (userAddress == 0x0000000000000000000000000000000000000000)

please put examples... thanks

rajosch commented 1 month ago

Hi @dbale-altoros,

I am referring to cases where a variable is assigned the value address(0).
I am talking about instances where an assignment to the zero address is possible but not checked against. Example:
```
function transferOwnership(address newOwner) public {
require(newOwner != address(0), "New owner cannot be the zero address");
owner = newOwner;
}
```
My question is if there should be a hint to check for a zero address allocation if the require statement is not present. This would help to prevent problems like this RHO incident.

dbale-altoros commented 1 month ago

sorry @rajosch I'm kind of swamp... I WILL take a look and get back to you as soon as i can