Lack of Validation for newFeeRecipient in initialize Function
Summary
The initialize function does not validate whether the newFeeRecipient address is a zero address. Accepting a zero address could lead to funds being locked forever when calling withdrawFees.
Vulnerability Detail
The contract is initialized without checking if the provided newFeeRecipient address is the zero address. This lack of validation might lead to issues when withdrawFees is called, as sending funds to the zero address would lock them permanently.
Impact
Assigning the zero address as the fee recipient would permanently disable the withdrawal functionality for the fees, potentially leading to locked funds.
Implement a check in the initialize function to ensure that the newFeeRecipient address is not the zero address. This can be achieved by adding a requirement statement:
require(newFeeRecipient != address(0), "Fee recipient address cannot be the zero address");
Anubis
medium
Lack of Validation for newFeeRecipient in initialize Function
Summary
The initialize function does not validate whether the newFeeRecipient address is a zero address. Accepting a zero address could lead to funds being locked forever when calling withdrawFees.
Vulnerability Detail
The contract is initialized without checking if the provided newFeeRecipient address is the zero address. This lack of validation might lead to issues when withdrawFees is called, as sending funds to the zero address would lock them permanently.
Impact
Assigning the zero address as the fee recipient would permanently disable the withdrawal functionality for the fees, potentially leading to locked funds.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L87-L89
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L94-L97
Tool used
Manual Review
Recommendation
Implement a check in the initialize function to ensure that the newFeeRecipient address is not the zero address. This can be achieved by adding a requirement statement: