BBB-01 | Lack Of Input Validation #3171

Open
Brando753 opened this issue Aug 25, 2022 · 1 comment
Labels: Minor (Reported as a minor vulnerability), Peggy Team (Peggy team task), Peggy 2.0 (An issue blocking the Peggy 2.0 release)

Affected Files: BridgeBank.sol L128

Description

In the smart-contracts/contracts/BridgeBank/BridgeBank contract, the given inputs of the _initialize function are missing sanity checks.

```solidity
function _initialize(
    address _operator,
    address _cosmosBridgeAddress,
    address _owner,
    address _pauser,
    int32 _networkDescriptor
) private {
    Pausable._pausableInitialize(_pauser);

    operator = _operator;
    cosmosBridge = _cosmosBridgeAddress;
    owner = _owner;
    networkDescriptor = _networkDescriptor;
}
```

Recommendation

Recommend adding checks for the passed-in values to prevent unexpected errors. For example:

```solidity
// Reject zero addresses for the privileged roles and the bridge contract.
require(_operator != address(0), "invalid _operator address");
require(_cosmosBridgeAddress != address(0), "invalid _cosmosBridgeAddress address");
require(_owner != address(0), "invalid _owner address");
// Bound the network descriptor to the range 0..999.
require(_networkDescriptor >= 0 && _networkDescriptor <= 999,
        "invalid _networkDescriptor");
```

Brando753 added the Peggy Team (Peggy team task), Peggy2 Audit - Sifnode Issue (Issue that came out of the Peggy2 audits that requires remediation by Sifnode) and Minor (Reported as a minor vulnerability) labels Aug 25, 2022
Brando753 self-assigned this Aug 25, 2022
Brando753 removed the Peggy2 Audit - Sifnode Issue label Aug 26, 2022
Brando753 added the Peggy 2.0 label Sep 6, 2022
Brando753 added a commit that referenced this issue Sep 22, 2022
Added input validation on BridgeBank _initialize function.
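
An off-chain preflight that mirrors the checks recommended in the issue, as an added example that is not part of the original issue or the Sifnode code base: it validates the five `_initialize` arguments before an initialization transaction is sent. The names `validateInitArgs` and `checkAddress`, the argument object shape and the sample addresses are assumptions.

```javascript
// Added example: off-chain preflight mirroring the require() checks recommended in the issue.
// validateInitArgs, checkAddress and the args object shape are hypothetical names.
const ZERO_ADDRESS = "0x" + "0".repeat(40);
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Returns a list of problems for one address parameter (empty list means ok).
function checkAddress(name, value, rejectZero) {
  if (typeof value !== "string" || !ADDRESS_RE.test(value)) {
    return [`${name}: not a 20-byte hex address`];
  }
  if (rejectZero && value.toLowerCase() === ZERO_ADDRESS) {
    return [`invalid ${name} address`];
  }
  return [];
}

// Collects every failed check instead of stopping at the first one,
// so a deployment script can report all bad parameters at once.
function validateInitArgs(args) {
  const errors = [
    ...checkAddress("_operator", args.operator, true),
    ...checkAddress("_cosmosBridgeAddress", args.cosmosBridgeAddress, true),
    ...checkAddress("_owner", args.owner, true),
    // The issue's recommendation has no zero-address check for _pauser,
    // so only its format is checked here.
    ...checkAddress("_pauser", args.pauser, false),
  ];
  // Same bounds as the recommended require(): 0 <= _networkDescriptor <= 999.
  const nd = args.networkDescriptor;
  if (!Number.isInteger(nd) || nd < 0 || nd > 999) {
    errors.push("invalid _networkDescriptor");
  }
  return errors;
}

// Constructed sample input: a zero operator and an out-of-range descriptor.
const sample = {
  operator: ZERO_ADDRESS,
  cosmosBridgeAddress: "0x" + "11".repeat(20),
  owner: "0x" + "22".repeat(20),
  pauser: "0x" + "33".repeat(20),
  networkDescriptor: 1000,
};
console.log(validateInitArgs(sample));
```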

Brando753 commented Sep 29, 2022

#3279 PR opened
