Closed github-actions[bot] closed 1 year ago
w42d3n
low
There is no address(0) validation in initialize() functions.
parameter used in constructor and initializer are used to initialize the state variable, error in these can lead to redeployment of contract
https://github.com/ethereum-optimism/optimism/blob/3f4b3c328153a8aa03611158b6984d624b17c1d9/packages/contracts-bedrock/contracts/L1/L2OutputOracle.sol#L107
https://github.com/ethereum-optimism/optimism/blob/3f4b3c328153a8aa03611158b6984d624b17c1d9/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L110
Manual Review
add address(0) validation
w42d3n
low
add zero address validation in constructor and initializer
Summary
Vulnerability Detail
There is no address(0) validation in initialize() functions.
Impact
parameter used in constructor and initializer are used to initialize the state variable, error in these can lead to redeployment of contract
Code Snippet
https://github.com/ethereum-optimism/optimism/blob/3f4b3c328153a8aa03611158b6984d624b17c1d9/packages/contracts-bedrock/contracts/L1/L2OutputOracle.sol#L107
https://github.com/ethereum-optimism/optimism/blob/3f4b3c328153a8aa03611158b6984d624b17c1d9/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L110
Tool used
Manual Review
Recommendation
add address(0) validation