Missing input validation on many functions throughout the code

[code423n4]

Handle

tensors

Vulnerability details

Impact

Many functions throughout LongShort.sol and YieldManager.sol have no simple checks for validating inputs.
Below some examples are linked.

Proof of Concept

https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/LongShort.sol#L254
https://github.com/code-423n4/2021-08-floatcapital/blob/bd419abf68e775103df6e40d8f0e8d40156c2f81/contracts/contracts/YieldManagerAave.sol#L149

Recommended Mitigation Steps

Simple validations like requiring non-zero address or checking that amounts are non-zero would fix this.

[JasoonS]

0 - non-critical

Both examples given are not vulnerabilities since they are not public functions.

L254 in LongShort.sol

This is an onlyAdmin function. We purposely removed null checks from admin functions (we will only call these functions under highly controlled circumstances with via code (ie ethers.js) that checks for forgotten arguments).

L149 in YieldManagerAave.sol

This function is longShortOnly so ONLY the LongShort contract.
If you can find a bug (an actual example) in the LongShort.sol contract where it can give the incorrect arguments to the YieldManagerAave contract then this could be a valid issue.

[0xean]

given the downside of not having these checks in place and for example the admin being set to a null address there seems little benefit to not having them. Downgrading to 1