Missing address(0) checks for _owner in RubiconFeeController.initialize() and BaseGladiusReactor.initialize()
Summary
The initialize() functions set the owner of the contract without checking if the provided address is the zero address.
Vulnerability Detail
initialize() functions can set address(0) as the owner of the contract. Furthermore, the setOwner() method cannot be called afterward to change the owner of a deployed contract.
Impact
Setting the owner of the contract wrongly will cause the deployed contract to be unusable.
DJINN
medium
Missing address(0) checks for
_owner
inRubiconFeeController.initialize()
andBaseGladiusReactor.initialize()
Summary
The
initialize()
functions set the owner of the contract without checking if the provided address is the zero address.Vulnerability Detail
initialize()
functions can setaddress(0)
as the owner of the contract. Furthermore, thesetOwner()
method cannot be called afterward to change the owner of a deployed contract.Impact
Setting the owner of the contract wrongly will cause the deployed contract to be unusable.
Code Snippet
Tool used
Manual Review
Recommendation
Add a zero address check before setting the owner such as:
require(_owner != address(0), "Invalid address");