search

wise-foundation / lending-audit

5 stars 4 forks source link

[DFM-03S] Inexistent Sanitization of Input Addresses #157

Open vm06007 opened 1 year ago

vm06007 commented 1 year ago

DFM-03S: Inexistent Sanitization of Input Addresses

Type Severity Location
Input Sanitization DeclarationsFeeManager.sol:L31-L38

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

constructor(
    address _master,
    address _aaveAddress,
    address _wiseLendingAddress,
    address _oracleHubAddress,
    address _wiseSecurityAddress,
    address _positionNFTAddress
)

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

vm06007 commented 1 year ago

Resolved in: https://github.com/wise-foundation/lending-audit/pull/154