nevillehuang
commented
6 months ago Invalid, zero address checks are not valid issues based on sherlock rules
- Zero address checks: Check to make sure input values are not zero addresses.
Closed sherlock-admin closed 6 months ago
nevillehuang
commented
6 months ago Invalid, zero address checks are not valid issues based on sherlock rules
- Zero address checks: Check to make sure input values are not zero addresses.
bareli
medium
zero address verification for owner
Summary
The contract does not include any checks for the zero address when setting a new owner, which could be a potential oversight. It's generally a good idea to prevent the zero address from becoming an owner, as it cannot execute transactions.
Vulnerability Detail
initOwner(address newOwner)
Impact
We have to check for the zero address for the _OWNER.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/lib/InitializableOwnable.sol#L42 function initOwner(address newOwner) public notInitialized { INITIALIZED = true; OWNER = newOwner; }
Tool used
Manual Review
Recommendation
use require for zero address verification.