Constructor Does Not Check for Zero Addresses #75

code423n4 · 2021-12-03T13:53:56Z

Handle

Meta0xNull

Vulnerability details

Impact

A wrong user input or wallets defaulting to the zero addresses for a missing input can lead to the contract needing to redeploy or wasted gas.

Proof of Concept

https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L17-L19

Tools Used

Manual Review

Recommended Mitigation Steps

requires Addresses is not zero.

require(_governor != address(0), "Address Can't Be Zero")
require(_emergency_governor != address(0), "Address Can't Be Zero")

0xean · 2022-01-16T14:17:21Z

dupe of #68

code423n4 added bug Something isn't working G (Gas Optimization) labels Dec 3, 2021

code423n4 added a commit that referenced this issue Dec 3, 2021

Meta0xNull issue #75

c0e9c7c

0xean closed this as completed Jan 16, 2022

0xean added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments duplicate This issue or pull request already exists and removed G (Gas Optimization) labels Jan 16, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Constructor Does Not Check for Zero Addresses #75

Constructor Does Not Check for Zero Addresses #75

code423n4 commented Dec 3, 2021

0xean commented Jan 16, 2022

Constructor Does Not Check for Zero Addresses #75

Constructor Does Not Check for Zero Addresses #75

Comments

code423n4 commented Dec 3, 2021

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

0xean commented Jan 16, 2022