Closed sherlock-admin closed 7 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Low
0xAadi commented:
Invalid: Admin/Owner is Trusted
4b
high
No input validation on the owner address in RubiconFeeController::initialize() and BaseGladiusReactor::initialize()
Summary
No input validation checks on the owner address being set in the initialize function
Vulnerability Detail
The owner address being set in the initializer is not checked against the zero address, which can lead to lock up of funds
Impact
Owner can be set to a zero address which can lead to further issues
Code Snippet
BaseGladiusReactor::initialize()
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L43
In RubiconFeeController::initialize()
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L39-L44
Tool used
Manual Review
Recommendation
Add the necessary checks to validate the address of the owner
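The check the recommendation asks for, shown as an added example that is not part of the original report and not the Rubicon source. The contract name, error names, event and the `initialized` flag are hypothetical; only the idea of an `initialize()` function that takes an owner address comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical contract for illustration only; not the Rubicon code.
contract ExampleInitializable {
    error AlreadyInitialized();
    error ZeroAddressOwner();

    event OwnerSet(address indexed owner);

    address public owner;
    bool public initialized;

    /// Pattern described in the report: the owner is stored exactly as passed.
    /// If address(0) is supplied, the one-shot guard is consumed and every
    /// owner-gated function becomes uncallable.
    function initializeUnchecked(address _owner) external {
        if (initialized) revert AlreadyInitialized();
        owner = _owner;
        initialized = true;
    }

    /// Recommended form: reject the zero address before any state is written,
    /// so a bad call reverts and the contract can still be initialized correctly.
    function initialize(address _owner) external {
        if (initialized) revert AlreadyInitialized();
        if (_owner == address(0)) revert ZeroAddressOwner();
        owner = _owner;
        initialized = true;
        emit OwnerSet(_owner);
    }
}
```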