In VestingEscrowFactory contract in constructor zero address check is missing for votingAdaptor
Vulnerability Detail
In the VestingEscrowFactory contract, the constructor is missing a check for the zero address (address(0)) when setting the initial value for the votingAdaptor. This omission may have several consequences:
Potential Deployment Issues: The votingAdaptor is intended to be a crucial part of the functionality of the contract, not having a zero address check during the contract deployment could lead to unexpected behavior. The contract might be deployed with an invalid or uninitialized votingAdaptor address.
Security Risks: Without a zero address check, the contract may be deployed with a votingAdaptor set to address zero, which is a common pattern for an uninitialized address. This can create security risks, as certain operations depending on the votingAdaptor may not behave as expected or may lead to vulnerabilities.
Impact
Without a zero address check contract might be deployed with an invalid or uninitialized votingAdaptor address.
To address this issue, it is recommended to include a zero address check in the constructor when setting the votingAdaptor. For example:
if (_votingAdaptor == address(0)) revert INVALID_VOTING_ADAPTOR();
votingAdaptor = _votingAdaptor;
This check ensures that the provided votingAdaptor address is not the zero address, helping to prevent potential issues related to uninitialized or invalid addresses. Additionally, it provides better clarity on the expected behavior during contract deployment.
0xBhumii
medium
Missing zero address check
Summary
In
VestingEscrowFactory
contract inconstructor
zero address check is missing forvotingAdaptor
Vulnerability Detail
In the
VestingEscrowFactory
contract, the constructor is missing a check for the zero address (address(0)
) when setting the initial value for thevotingAdaptor
. This omission may have several consequences:votingAdaptor
is intended to be a crucial part of the functionality of the contract, not having a zero address check during the contract deployment could lead to unexpected behavior. The contract might be deployed with an invalid or uninitializedvotingAdaptor
address.votingAdaptor
set to address zero, which is a common pattern for an uninitialized address. This can create security risks, as certain operations depending on thevotingAdaptor
may not behave as expected or may lead to vulnerabilities.Impact
Without a zero address check contract might be deployed with an invalid or uninitialized
votingAdaptor
address.Code Snippet
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrowFactory.sol#L30C1-L41C6
Tool used
Manual Review
Recommendation
To address this issue, it is recommended to include a zero address check in the constructor when setting the votingAdaptor. For example:
This check ensures that the provided votingAdaptor address is not the zero address, helping to prevent potential issues related to uninitialized or invalid addresses. Additionally, it provides better clarity on the expected behavior during contract deployment.
Duplicate of #109