Lack of zero address validation #56

code423n4 · 2021-06-15T16:39:19Z

Handle

JMukesh

Vulnerability details

Impact

constructor of RCorderbook.sol lacks zero address validation , since parameter of costructor are used initialize state variable which are used in other function of the contract , error in these state variable can lead to redeployment of contract

Proof of Concept

https://github.com/code-423n4/2021-06-realitycards/blob/main/contracts/RCOrderbook.sol#L106

Tools Used

manual review

Recommended Mitigation Steps

add require condition to check for zero address

Splidge · 2021-06-16T08:01:13Z

I think the zero address validation isn't a problem for factoryAddress as this can be set later in the function setFactoryAddress
However yes Treasury is missing a possible setTreasuryAddress

Splidge · 2021-06-21T10:18:25Z

implemented here

Splidge · 2021-06-21T10:41:14Z

Additional changes for #142 and #115 are here

code423n4 added 1 (Low Risk) bug Something isn't working labels Jun 15, 2021

code423n4 added a commit that referenced this issue Jun 15, 2021

JMukesh issue #56

433ebde

Splidge added the sponsor confirmed label Jun 16, 2021

Splidge added the resolved label Jun 21, 2021

dmvt mentioned this issue Jul 10, 2021

Uninitialized referenceContractAddress may be used #81

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lack of zero address validation #56

Lack of zero address validation #56

code423n4 commented Jun 15, 2021

Splidge commented Jun 16, 2021

Splidge commented Jun 21, 2021

Splidge commented Jun 21, 2021 •

edited

Loading

Lack of zero address validation #56

Lack of zero address validation #56

Comments

code423n4 commented Jun 15, 2021

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Splidge commented Jun 16, 2021

Splidge commented Jun 21, 2021

Splidge commented Jun 21, 2021 • edited Loading

Splidge commented Jun 21, 2021 •

edited

Loading