search

sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

kolos3 - No zero address validation #240

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

kolos3

medium

No zero address validation

Summary

There is no zero address validation in the function setFeeToSetter()

Vulnerability Detail

Lack of zero address validation

Impact

The address feeToSetter could get set to 0 by accident and then not be able to change setFeeTo,setMigrator ,setFlashOn , setFlashFee and feeToSetter.

https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaFactory.sol#L65-L69

Code Snippet

    function setFeeToSetter(address _feeToSetter) external onlyFeeToSetter {
        address oldFeeToSetter = feeToSetter;
        feeToSetter = _feeToSetter;
        emit SetFeeToSetter(oldFeeToSetter, _feeToSetter);
    }

Tool used

VsCode, Manual Review

Recommendation

Add this to the function require(_feeToSetter != address(0), "Zero address not allowed");

nevillehuang commented 6 months ago

Invalid based on sherlock rules

  1. Zero address checks: Check to make sure input values are not zero addresses.