sherlock-audit / 2024-02-rubicon-finance-judging


4b - No input validation on the owner address in `RubiconFeeController::initialize()` and `BaseGladiusReactor::initialize()` #52

Closed: sherlock-admin closed this 7 months ago

sherlock-admin commented 7 months ago

4b

high

No input validation on the owner address in `RubiconFeeController::initialize()` and `BaseGladiusReactor::initialize()`

Summary

No input validation checks on the owner address being set in the initialize function.

Vulnerability Detail

The owner address being set in the initializer is not checked against the zero address, which can lead to lock-up of funds.

Impact

The owner can be set to the zero address, which can lead to further issues.

Code Snippet

`BaseGladiusReactor::initialize()`: https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L43

`RubiconFeeController::initialize()`: https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L39-L44

Tool used

Manual Review

Recommendation

Add the necessary checks to validate the address of the owner.

sherlock-admin commented 7 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low

0xAadi commented:

Invalid: Admin/Owner is Trusted