Lack of zero address check may lead to redeployment of contracts.
Summary
There is no zero address check throughout the contracts in scope.
Vulnerability Detail
There are multiple instance where addresses are configured without checking for zero address() in constructor, initialize and other configuration functions.
Specially in constructor, many immutable addresses are set which are later used in clone and if by mistake these a variables are misconfigured, it might lead to unexpected behavior and in worst case - redeployment of the contracts and all it's clones.
Although this could be considered as low severity but since all immutables are set without zero address validation, hence should be considered medium.
Note: Splits is a hyperstructure like Uniswap, it is worth mentioning that this bug was acknowledged in Uniswap V3 - Check here : https://github.com/Uniswap/v3-core/blob/main/audits/tob/audit.pdf
warRoom
medium
Lack of zero address check may lead to redeployment of contracts.
Summary
There is no zero address check throughout the contracts in scope.
Vulnerability Detail
There are multiple instance where addresses are configured without checking for zero address() in
constructor
,initialize
and other configuration functions. Specially inconstructor
, many immutable addresses are set which are later used in clone and if by mistake these a variables are misconfigured, it might lead to unexpected behavior and in worst case - redeployment of the contracts and all it's clones.Although this could be considered as low severity but since all immutables are set without zero address validation, hence should be considered medium. Note: Splits is a hyperstructure like Uniswap, it is worth mentioning that this bug was acknowledged in Uniswap V3 - Check here : https://github.com/Uniswap/v3-core/blob/main/audits/tob/audit.pdf
Impact
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L131-L136 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-diversifier/src/DiversifierFactory.sol#L52-L60 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperFactory.sol#L40-L51 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleFactory.sol#L21-L26 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L123-L134
Tool used
Manual Review
Recommendation
constructor
andinitialize
function.