Lack of Validity Check for Governor and VotingToken Addresses
Summary
The contract fails to validate the governor and votingToken addresses during initialization, potentially leading to critical security vulnerabilities.
Vulnerability Detail
The vulnerability arises from not checking whether the provided governor and votingToken addresses are the zero address. This omission may allow an attacker to set these addresses to zero, compromising the functionality and security of the contract.
Impact
If an attacker exploits this vulnerability, they could manipulate the contract's behavior by setting the governor and votingToken addresses to zero, potentially causing unexpected behavior, loss of funds.
Add validity checks for the governor and votingToken addresses during contract initialization to mitigate the risk of potential vulnerabilities. Consider implementing the following code snippet:
if (_governor == address(0)) revert INVALID_GOVERNOR();
if (_votingToken == address(0)) revert INVALID_VOTING_TOKEN();
Irissme
medium
Lack of Validity Check for Governor and VotingToken Addresses
Summary
The contract fails to validate the governor and votingToken addresses during initialization, potentially leading to critical security vulnerabilities.
Vulnerability Detail
The vulnerability arises from not checking whether the provided governor and votingToken addresses are the zero address. This omission may allow an attacker to set these addresses to zero, compromising the functionality and security of the contract.
Impact
If an attacker exploits this vulnerability, they could manipulate the contract's behavior by setting the governor and votingToken addresses to zero, potentially causing unexpected behavior, loss of funds.
Code Snippet
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/adaptors/OZVotingAdaptor.sol#L1-L31
Tool used
Manual Review
Recommendation
Add validity checks for the governor and votingToken addresses during contract initialization to mitigate the risk of potential vulnerabilities. Consider implementing the following code snippet:
Duplicate of #109