66 - Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts

CCertain parameters of the contracts can be configured to invalid values, causing a variety of issues and breaking expected interactions between contracts.

setParams allows the owner of the staking contracts to reparameterize critical parameters. However, reparameterization lacks sanity/threshold/limit checks on all parameters.

Recommendation:

Add proper validation checks on all parameters in setParams. If the validation procedure is unclear or too complex to implement on-chain, document the potential issues that could produce invalid values.

Slide Screenshot

Slide Text

ToB Audit Ox Protocol Finding 21
Data Validation
Medium Severity
No setParams Validation
Undefined Behavior
Add Validation
Document Behavior

References

Youtube Reference
Medium Risk severity finding from ToB’s Audit of 0x Protocol

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts.md

Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts.md

66 - Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts

Recommendation:

Slide Screenshot

Slide Text

References

Tags

Files

Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts.md

Latest commit

History

Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts.md

File metadata and controls

66 - Calls to setParams may set invalid values and produce unexpected behavior in the staking contracts

Recommendation:

Slide Screenshot

Slide Text

References

Tags

66 - Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts