Closed sherlock-admin2 closed 1 year ago
2 comment(s) were left on this issue during the judging contest.
0xyPhilic commented:
invalid because the check if token == address(0) is done to check if the token used is ETH
Kral01 commented:
Invalid
fides
medium
Zero Address Validation implementation is incorrect.
Summary
In function getPrice, if (token == address(0)) then token = token_ bypasses the zero address validation in the function.
Vulnerability Detail
In abstract contract ChainlinkAdapterOracle.sol, the zero address validation check if (token == address(0)) token = token_; (line 105) is incorrect because if the token address is the zero address, it will consider token = token_ which just bypasses the check.
Impact
_token address might be zero and caller won't receive any price value from the chainlink oracle.
Code Snippet
https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/oracle/ChainlinkAdapterOracle.sol#L105
Tool used
Manual Review
Recommendation
The mitigation steps are as follows: