Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add zero address validation in constructor #61

Open
code423n4 opened this issue Aug 25, 2021 · 2 comments
Open

add zero address validation in constructor #61

code423n4 opened this issue Aug 25, 2021 · 2 comments
Labels
1 (Low Risk) bug Something isn't working Resolved Used when a fix has been implemented. sponsor confirmed

Comments

@code423n4
Copy link
Contributor

Handle

JMukesh

Vulnerability details

Impact

since the parameter in the constructor are used to initialize the state variable , proper check up should be done , other wise error in these state variable can lead to redeployment of contract

Proof of Concept

https://github.com/code-423n4/2021-08-realitycards/blob/39d711fdd762c32378abf50dc56ec51a21592917/contracts/RCLeaderboard.sol#L50

https://github.com/code-423n4/2021-08-realitycards/blob/39d711fdd762c32378abf50dc56ec51a21592917/contracts/RCOrderbook.sol#L136

https://github.com/code-423n4/2021-08-realitycards/blob/39d711fdd762c32378abf50dc56ec51a21592917/contracts/RCTreasury.sol#L120

Tools Used

manual review

Recommended Mitigation Steps

add zero address validation
@code423n4 code423n4 added 1 (Low Risk) bug Something isn't working labels Aug 25, 2021
code423n4 added a commit that referenced this issue Aug 25, 2021
@code423n4
JMukesh issue #61
1e3f54d
@Splidge
Copy link
Collaborator

Splidge commented Aug 26, 2021

RCOrderbook and RCTreasury both have setter functions where an incorrectly initialized variable could be set after deployment. It's unlikely for these to be set incorrectly because of the deployment script we use, however I'll add a setter to the RCLeaderboard so we can set the address afterwards.

@Splidge Splidge added Resolved Used when a fix has been implemented. sponsor confirmed labels Aug 26, 2021
@Splidge Splidge mentioned this issue Aug 26, 2021
Closed
@Splidge
Copy link
Collaborator

Splidge commented Sep 2, 2021

Treasury setter in RCLeaderboard added here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 (Low Risk) bug Something isn't working Resolved Used when a fix has been implemented. sponsor confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Splidge @code423n4