Closed sherlock-admin closed 8 months ago
BAICE
medium
Missing checks of 0x00 address when setting a number or an address
Summary
Missing checks of 0x00 address when setting a number or an address
Vulnerability Detail
Loss of zero address or zero value checks. In CouncilMember:initialize
```solidity
function initialize(
    IERC20 telcoin,
    string memory name_,
    string memory symbol_,
    IPRBProxy stream_,
    address target_,
    uint256 id_
) external initializer {
    _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
    __ERC721_init(name_, symbol_);
    // Parameters are stored as given; none is compared against address(0) or 0.
    TELCOIN = telcoin;
    _stream = stream_;
    _target = target_;
    _id = id_;
}
```
In RewardsDistributionRecipient:setRewardsDistribution
```solidity
function setRewardsDistribution(
    address rewardsDistribution_
) external onlyOwner {
    // The new address is stored without a comparison against address(0).
    rewardsDistribution = rewardsDistribution_;
    emit RewardsDistributionUpdated(rewardsDistribution);
}
```
Impact
Wrong address may be set in the contract.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L56-L69
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/abstract/RewardsDistributionRecipient.sol#L42-L47
Tool used
Manual Review, VsCode
Recommendation
Add zero address checks like TelcoinDistributor:constructor
```solidity
require(
    address(telcoin) != address(0) &&
        address(council) != address(0) &&
        period != 0,
    "TelcoinDistributor: cannot intialize to zero"
);
```
Duplicate of #4
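An added example, not part of the original report or the Telcoin code base: a heuristic Python check that lists the address-like parameters a function stores to state without comparing them to `address(0)`, run over the two functions quoted in the report. The name `unchecked_address_params`, the hardened variant of the setter and the rule that any non-value type counts as an address or contract reference are assumptions of this example; zero-value checks such as `id_` are out of its scope.

```python
import re

# Constructed inputs: the two functions quoted in the report.
INITIALIZE = """
function initialize(
    IERC20 telcoin, string memory name_, string memory symbol_,
    IPRBProxy stream_, address target_, uint256 id_
) external initializer {
    _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
    __ERC721_init(name_, symbol_);
    TELCOIN = telcoin;
    _stream = stream_;
    _target = target_;
    _id = id_;
}
"""
SET_REWARDS = """
function setRewardsDistribution(address rewardsDistribution_) external onlyOwner {
    rewardsDistribution = rewardsDistribution_;
    emit RewardsDistributionUpdated(rewardsDistribution);
}
"""
# Constructed hardened variant of the setter (hypothetical, not project code).
SET_REWARDS_CHECKED = SET_REWARDS.replace(
    "onlyOwner {",
    'onlyOwner {\n    require(rewardsDistribution_ != address(0), "zero address");',
)

# Assumption: every parameter type outside this set is an address or a
# contract/interface reference (IERC20, IPRBProxy, address, address payable).
VALUE_TYPES = re.compile(r"^(u?int\d*|bool|string|bytes\d*)$")

def unchecked_address_params(func_src):
    """Names of address-like parameters written to state with no address(0) test."""
    header, body = func_src.split("{", 1)
    params = header[header.index("(") + 1 : header.index(")")]
    findings = []
    for decl in params.split(","):
        parts = decl.split()
        if len(parts) < 2 or VALUE_TYPES.match(parts[0]):
            continue  # empty declaration or a plain value type
        name = re.escape(parts[-1])
        stored = re.search(rf"=\s*{name}\s*;", body)
        checked = re.search(
            rf"(address\(\s*{name}\s*\)|\b{name})\s*!=\s*address\(0\)", body)
        if stored and not checked:
            findings.append(parts[-1])
    return findings
```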
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { zero address check is invalid according to sherlock}