warRoom - Lack of zero address check may lead to redeployment of contracts.

[sherlock-admin]

warRoom

medium

Lack of zero address check may lead to redeployment of contracts.

Summary

There is no zero address check throughout the contracts in scope.

Vulnerability Detail

There are multiple instance where addresses are configured without checking for zero address() in constructor, initialize and other configuration functions. Specially in constructor, many immutable addresses are set which are later used in clone and if by mistake these a variables are misconfigured, it might lead to unexpected behavior and in worst case - redeployment of the contracts and all it's clones.

Although this could be considered as low severity but since all immutables are set without zero address validation, hence should be considered medium. Note: Splits is a hyperstructure like Uniswap, it is worth mentioning that this bug was acknowledged in Uniswap V3 - Check here : https://github.com/Uniswap/v3-core/blob/main/audits/tob/audit.pdf

Impact

• Redeployment of contracts and it's clones.
• Unexpected behavior of some implementation.

Code Snippet

https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L131-L136 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-diversifier/src/DiversifierFactory.sol#L52-L60 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperFactory.sol#L40-L51 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleFactory.sol#L21-L26 https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L123-L134

Tool used

Manual Review

Recommendation

• All important address variables should have zero address check especially in constructor and initialize function.