search

wise-foundation / lending-audit

5 stars 4 forks source link

[WSD-03S] Inexistent Sanitization of Input Address #159

Open vm06007 opened 11 months ago

vm06007 commented 11 months ago

WSD-03S: Inexistent Sanitization of Input Address

Type Severity Location
Input Sanitization WiseSecurityDeclarations.sol:L35-L40

Description:

The linked function accepts an address argument yet does not properly sanitize it.

Impact:

The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side-effect of off-chain software related bugs.

Example:

constructor(
    address _master,
    address _wiseLendingAddress,
    address _aaveHubAddress,
    uint256 _borrowPercentageCap
)

Recommendation:

We advise some basic sanitization to be put in place by ensuring that the address specified is non-zero.

vm06007 commented 11 months ago

Resolved in: https://github.com/wise-foundation/lending-audit/pull/154