The constructor in the contract initializes key parameters such as token pools and price feeds. However, it lacks checks to ensure that the addresses for _token0Pool and _token1Pool are not zero. This omission can lead to potential issues if these addresses are inadvertently set to zero during deployment, causing the contract to behave unexpectedly or fail.
Vulnerability Detail
The constructor initializes the contract state variables but does not check if the_token0Pool and _token1Pooladdresses are zero. If either of these addresses is zero, it can lead to unexpected behavior or contract failure.
Impact
Contract Misbehavior: The contract may not function as intended if _token0Pool or _token1Pool is zero.
Add checks to ensure that _token0Pool and _token1Pool are not zero addresses during contract deployment. This can be achieved by using require statements in the constructor.
Missing checks for
address(0)Low/Info issue submitted by NoOne
Summary
The constructor in the contract initializes key parameters such as token pools and price feeds. However, it lacks checks to ensure that the addresses for
_token0Pooland_token1Poolare not zero. This omission can lead to potential issues if these addresses are inadvertently set to zero during deployment, causing the contract to behave unexpectedly or fail.Vulnerability Detail
The
constructorinitializes the contract state variables but does not check if the_token0Pooland_token1Pooladdresses are zero. If either of these addresses is zero, it can lead to unexpected behavior or contract failure.Impact
Contract Misbehavior: The contract may not function as intended if _token0Pool or _token1Pool is zero.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/valantis-hot/src/HOTOracle.sol#L78-L79
Tool used
Manual Review
Recommendation
Add checks to ensure that
_token0Pooland_token1Poolare not zero addresses during contract deployment. This can be achieved by using require statements in the constructor.