Missing Zero Address Validation for Token Addresses
Summary
The smart contract does not consistently validate that token addresses are not the zero address, notably in the updateTokens function.
Vulnerability Detail
In the updateTokens function, there's no check to prevent the zero address from being set as a token address. This could lead to scenarios where tokens are sent to the zero address, effectively getting burned and causing irreversible financial loss.
Impact
Sending tokens to the zero address would result in a permanent loss of those tokens, which could be significant depending on the amount and the token's value.
Implement a check to ensure that none of the tokenAddresses are the zero address. This can be done by adding a condition like require(tokenAddresses[i] != address(0), "Token address cannot be the zero address"); inside the loop.
Anubis
high
Missing Zero Address Validation for Token Addresses
Summary
The smart contract does not consistently validate that token addresses are not the zero address, notably in the updateTokens function.
Vulnerability Detail
In the updateTokens function, there's no check to prevent the zero address from being set as a token address. This could lead to scenarios where tokens are sent to the zero address, effectively getting burned and causing irreversible financial loss.
Impact
Sending tokens to the zero address would result in a permanent loss of those tokens, which could be significant depending on the amount and the token's value.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L132-L135
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L141
Tool used
Manual Review
Recommendation
Implement a check to ensure that none of the tokenAddresses are the zero address. This can be done by adding a condition like require(tokenAddresses[i] != address(0), "Token address cannot be the zero address"); inside the loop.