[PDB-02S] Inexistent Sanitization of Input Address (#876)

* Sanitize constructor arguments * Fix unit tests --------- Co-authored-by: Ludovic Levalleux <levalleux_ludo@hotmail.com>
bosonprotocol · Jan 19, 2024 · 41af0a7 · 41af0a7
1 parent 2451c16
commit 41af0a7
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 3 deletions.
diff --git a/contracts/protocol/bases/PriceDiscoveryBase.sol b/contracts/protocol/bases/PriceDiscoveryBase.sol
@@ -31,6 +31,7 @@ contract PriceDiscoveryBase is ProtocolBase {
      */
     //solhint-disable-next-line
     constructor(address _wNative) {
+        if (_wNative == address(0)) revert InvalidAddress();
         wNative = IWrappedNative(_wNative);
     }
 

diff --git a/test/protocol/PriceDiscoveryHandlerFacet.js b/test/protocol/PriceDiscoveryHandlerFacet.js
@@ -152,6 +152,17 @@ describe("IPriceDiscoveryHandlerFacet", function () {
     });
   });
 
+  context("📋 Constructor", async function () {
+    it("Deployment fails if wrapped native address is 0", async function () {
+      const priceDiscoveryFactory = await getContractFactory("PriceDiscoveryHandlerFacet");
+
+      await expect(priceDiscoveryFactory.deploy(ZeroAddress)).to.revertedWithCustomError(
+        bosonErrors,
+        RevertReasons.INVALID_ADDRESS
+      );
+    });
+  });
+
   // All supported Price discovery methods
   context("📋 Price discovery Methods", async function () {
     beforeEach(async function () {

diff --git a/test/protocol/SequentialCommitHandlerTest.js b/test/protocol/SequentialCommitHandlerTest.js
@@ -151,6 +151,17 @@ describe("IBosonSequentialCommitHandler", function () {
     });
   });
 
+  context("📋 Constructor", async function () {
+    it("Deployment fails if wrapped native address is 0", async function () {
+      const sequentialCommitFactory = await getContractFactory("SequentialCommitHandlerFacet");
+
+      await expect(sequentialCommitFactory.deploy(ZeroAddress)).to.revertedWithCustomError(
+        bosonErrors,
+        RevertReasons.INVALID_ADDRESS
+      );
+    });
+  });
+
   // All supported Sequential commit methods
   context("📋 Sequential Commit Methods", async function () {
     beforeEach(async function () {

diff --git a/test/util/utils.js b/test/util/utils.js
@@ -494,9 +494,10 @@ async function setupTestEnvironment(contracts, { bosonTokenAddress, forwarderAdd
   ];
 
   const facetsToDeploy = await getFacetsWithArgs(facetNames, protocolConfig);
-  facetsToDeploy["SequentialCommitHandlerFacet"].constructorArgs[0] = wethAddress || ZeroAddress; // update only weth address
-  facetsToDeploy["PriceDiscoveryHandlerFacet"].constructorArgs[0] = wethAddress || ZeroAddress; // update only weth address
-
+  if (wethAddress) {
+    facetsToDeploy["SequentialCommitHandlerFacet"].constructorArgs[0] = wethAddress; // update only weth address
+    facetsToDeploy["PriceDiscoveryHandlerFacet"].constructorArgs[0] = wethAddress; // update only weth address
+  }
   // Cut the protocol handler facets into the Diamond
   await deployAndCutFacets(await protocolDiamond.getAddress(), facetsToDeploy, maxPriorityFeePerGas);