Add zero address validation in the setPendingGovernance function #35
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
defsec
Vulnerability details
Impact
Since the _pendingGovernance parameter in the setPendingGovernance function is used to add governance in the state variable, proper checks should be done; otherwise, an error in this state variable can lead to redeployment of the contract.
Proof of Concept
https://github.com/code-423n4/2021-10-badgerdao/blob/9d4734becebd729299f154c0cfa1d3a7f06cccfb/contracts/WrappedIbbtcEth.sol#L50
https://github.com/code-423n4/2021-10-badgerdao/blob/9d4734becebd729299f154c0cfa1d3a7f06cccfb/contracts/WrappedIbbtc.sol#L49
Tools Used
Code Review
Recommended Mitigation Steps
Add proper zero address validation.
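The recommended check, shown as an added example that is not part of the original report and not the audited contract's code. The contract name, the compiler version, the events, the `setPendingGovernanceUnchecked` name and the `acceptPendingGovernance` step are assumptions made for illustration; only `setPendingGovernance` and `_pendingGovernance` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

/// Illustrative contract (hypothetical name), not the audited WrappedIbbtc code.
contract GovernedExample {
    address public governance;
    address public pendingGovernance;

    event SetPendingGovernance(address indexed pendingGovernance);
    event AcceptPendingGovernance(address indexed governance);

    constructor(address _governance) {
        require(_governance != address(0), "governance is zero address");
        governance = _governance;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "onlyGovernance");
        _;
    }

    // Before: any value, including address(0), is written to state.
    function setPendingGovernanceUnchecked(address _pendingGovernance) external onlyGovernance {
        pendingGovernance = _pendingGovernance;
        emit SetPendingGovernance(_pendingGovernance);
    }

    // After: a zero address is rejected before the state variable changes.
    function setPendingGovernance(address _pendingGovernance) external onlyGovernance {
        require(_pendingGovernance != address(0), "pendingGovernance is zero address");
        pendingGovernance = _pendingGovernance;
        emit SetPendingGovernance(_pendingGovernance);
    }

    // Assumed second step: the nominated address must claim the role itself.
    function acceptPendingGovernance() external {
        require(msg.sender == pendingGovernance, "onlyPendingGovernance");
        governance = pendingGovernance;
        pendingGovernance = address(0); // clear the nomination once accepted
        emit AcceptPendingGovernance(governance);
    }
}
```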