Missing Zero Address Check for Rebalancer in BaseLSTAdapter Contract
Summary
The BaseLSTAdapter contract presents a critical vulnerability as it lacks a zero address check for the rebalancer in its constructor. Failure to validate the rebalancer address against the zero address (address(0)) poses significant risks, including potential exploitation, loss of control over contract functionalities, and deployment failures.
Vulnerability Detail
The vulnerability stems from the absence of a zero address check for the rebalancer in the constructor of the BaseLSTAdapter contract. Without proper validation, the contract allows the rebalancer address to be set to the zero address (address(0)), leading to adverse consequences and security vulnerabilities.
Impact
As an impact of the vulnerability, the contract may loose access to functions like reqestWithdrawal etc , which can be only called by rebalancer leading to funds being stuck in the contract forever.
To address the vulnerability, it is recommended to implement a zero address check for the rebalancer in the constructor of the BaseLSTAdapter contract. The validation should ensure that the rebalancer address cannot be set to the zero address during contract initialization, mitigating the risk of deployment failures and security breaches.
constructor(address _rebalancer) BaseAdapter(WETH, address(this)) ERC4626((IWETH9(WETH))) {
if (_rebalancer == address(0)) revert ZeroAddress(); // Add zero address validation for rebalancer
rebalancer = _rebalancer;
}
By implementing this validation check, the contract can prevent the rebalancer address from being set to the zero address (address(0)), ensuring the integrity and security of its functionalities.
0xBhumii
medium
Missing Zero Address Check for
RebalancerinBaseLSTAdapterContractSummary
The
BaseLSTAdaptercontract presents a critical vulnerability as it lacks a zero address check for the rebalancer in its constructor. Failure to validate the rebalancer address against the zero address (address(0)) poses significant risks, including potential exploitation, loss of control over contract functionalities, and deployment failures.Vulnerability Detail
The vulnerability stems from the absence of a zero address check for the rebalancer in the constructor of the
BaseLSTAdaptercontract. Without proper validation, the contract allows the rebalancer address to be set to the zero address (address(0)), leading to adverse consequences and security vulnerabilities.Impact
As an impact of the vulnerability, the contract may loose access to functions like reqestWithdrawal etc , which can be only called by rebalancer leading to funds being stuck in the contract forever.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/BaseLSTAdapter.sol#L60C1-L64C1
Tool used
Manual Review
Recommendation
To address the vulnerability, it is recommended to implement a zero address check for the rebalancer in the constructor of the
BaseLSTAdaptercontract. The validation should ensure that the rebalancer address cannot be set to the zero address during contract initialization, mitigating the risk of deployment failures and security breaches.By implementing this validation check, the contract can prevent the rebalancer address from being set to the zero address (
address(0)), ensuring the integrity and security of its functionalities.