sherlock-audit / 2024-02-rubicon-finance-judging

DJINN - Missing address validation for `RubiconFeeController.gladiusReactor` can lead to reverts #33

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

DJINN

medium

Missing address validation for RubiconFeeController.gladiusReactor can lead to reverts

Summary

There are no mechanisms to check if the provided address for the gladius reactor is valid or not.

This issue addresses concerns the Rubicon team has as mentioned in the contest QnA as stated here

A potential concern and non-intended outcome is that if the admin sets invalid parameters, ...

Vulnerability Detail

The admin of the fee controller can provide an arbitrary address for the gladius reactor in the setGladiusReactor(address payable gr) function. As there is no address validation, it can potentially be set to an invalid 0 address.

Impact

When an invalid address is set for gladiusReactor, it will cause the contract to revert due to errors when it is called later on in the contract such as in the function setPairBasedFee() here and setBaseFee() here.

Code Snippet

Tool used

Manual Review

Recommendation

Ensure that only valid addresses are allowed to be set to prevent DOS.
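
The recommendation above, shown as an added Solidity sketch that is not part of the original report and is not Rubicon's code. Only the `setGladiusReactor(address payable gr)` signature and the `gladiusReactor` name come from the report; the admin model, the error and event names, and the extra deployed-code check (which goes beyond the zero-address case the report describes) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative sketch only, not the RubiconFeeController source.
/// Assumed here: single-admin access control, error names, event name.
contract FeeControllerSketch {
    address public immutable admin; // assumed access-control model
    address payable public gladiusReactor;

    error NotAdmin();
    error ZeroAddress();
    error NotAContract(address candidate);

    event GladiusReactorSet(address indexed previous, address indexed current);

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    /// Pattern the report describes: whatever the admin passes is stored,
    /// including address(0).
    function setGladiusReactorUnchecked(address payable gr) external onlyAdmin {
        gladiusReactor = gr;
    }

    /// Hardened form: a bad value is rejected when it is set, instead of
    /// surfacing later as a revert in functions that call the reactor.
    function setGladiusReactor(address payable gr) external onlyAdmin {
        if (gr == address(0)) revert ZeroAddress();
        // Also reject addresses with no deployed code (assumed extra check).
        if (gr.code.length == 0) revert NotAContract(gr);
        emit GladiusReactorSet(gladiusReactor, gr);
        gladiusReactor = gr;
    }
}
```

The code-length check only shows that some contract exists at the address, not that it is the intended reactor, and it rejects a contract that is still executing its constructor.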

sherlock-admin commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

0xAadi commented:

Invalid: OOS