In this case, the constructor does not validate any of these arguments.
Tool used
Manual Review
Recommendation
It is recommended to always validate function arguments, especially in contract constructors. For example:
_proofMaturityDelaySeconds and _disputeGameFinalityDelaySeconds: These should be validated to ensure they are not excessively large (might cause overflows later in calculation) or excessively small (might lead to blocking withdrawals).
_initialRespectedGameType: Ensure that this is a valid game type (if the type GameType has constraints).
_disputeGameFactory, _systemConfig, and _superchainConfig: Ensure that these are not the zero address and are actually the addresses of deployed contracts.
w42d3n
medium
Insufficient input validation in OptimismPortal2.sol
Summary
Insufficient input validation
Vulnerability Detail
The constructor of the OptimismPortal2 contract does not validate its arguments.
Impact
This could lead to undesired behavior or potential vulnerabilities depending on how the arguments are used throughout the contract.
Code Snippet
https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/L1/OptimismPortal2.sol#L127-L141
In this case, the constructor does not validate any of these arguments.
Tool used
Manual Review
Recommendation
It is recommended to always validate function arguments, especially in contract constructors. For example:
_proofMaturityDelaySeconds and _disputeGameFinalityDelaySeconds: These should be validated to ensure they are not excessively large (might cause overflows later in calculation) or excessively small (might lead to blocking withdrawals).
_initialRespectedGameType: Ensure that this is a valid game type (if the type GameType has constraints).
_disputeGameFactory, _systemConfig, and _superchainConfig: Ensure that these are not the zero address and are actually the addresses of deployed contracts.