search

sherlock-audit / 2024-02-rubicon-finance-judging

5 stars 3 forks source link

taner2344 - setFeeRecipient checks no "zero address" parameter #62

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

taner2344

high

setFeeRecipient checks no "zero address" parameter

Summary

On RubiconFeeController , setFeeRecipient simply sets new fee recipient for the protocol. However ,as you can see there is no zero address check on this function even though it has made by trusted actors in auth modifier.

        function setFeeRecipient(address recipient) external auth {
        feeRecipient = recipient;
    }

Vulnerability Detail

On RubiconFeeController , setFeeRecipient simply sets new fee recipient for the protocol. However ,as you can see there is no zero address check on this function even though it has made by trusted actors in auth modifier.

        function setFeeRecipient(address recipient) external auth {
        feeRecipient = recipient;
    }

Impact

Trusted actors could pass zero address to setFeeRecipient function by mistake. This leads to fee loses for protocol.

Code Snippet

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L138-L140

Tool used

Manual Review

Recommendation

To mitigate this issue kindly consider to add following

function setFeeRecipient(address recipient) external auth {
       require(recipient != address(0) , "zero address"); // add this line
        feeRecipient = recipient; 
}
sherlock-admin commented 9 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low

0xAadi commented:

Invalid: Admin/Owner is Trusted