search

wise-foundation / lending-audit

5 stars 4 forks source link

[WLD-03S] Inexistent Sanitization of Input Addresses #158

Open vm06007 opened 1 year ago

vm06007 commented 1 year ago

WLD-03S: Inexistent Sanitization of Input Addresses

Type Severity Location
Input Sanitization WiseLendingDeclaration.sol:L129-L152

Description:

The linked function(s) accept address arguments yet do not properly sanitize them.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

constructor(
    address _master,
    address _wiseOracleHub,
    address _nftContract,
    address _wethContract
)
    OwnableMaster(
        _master
    )
{
    WETH_ADDRESS = _wethContract;

    WETH = IWETH(
        _wethContract
    );

    WISE_ORACLE = IWiseOracleHub(
        _wiseOracleHub
    );

    POSITION_NFT = IPositionNFTs(
        _nftContract
    );
}

Recommendation:

We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.

vm06007 commented 1 year ago

Resolved in: https://github.com/wise-foundation/lending-audit/pull/154