search

wise-foundation / lending-audit

5 stars 4 forks source link

[OMR-03S] Inexistent Sanitization of Input Address #128

Open vm06007 opened 1 year ago

vm06007 commented 1 year ago

OMR-03S: Inexistent Sanitization of Input Address

Type Severity Location
Input Sanitization OwnableMaster.sol:L47-L51

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

constructor(
    address _master
) {
    master = _master;
}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

vm06007 commented 1 year ago

Resolved in: https://github.com/wise-foundation/lending-audit/pull/120