Inaccurate return value from getCDS() possible
#155
Labels
0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug: Something isn't working
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Handle
sirhashalot
Vulnerability details
Impact
The getCDS() function in Registry.sol may return an unexpected value when cds[_address] == address(0). The return value for the case of cds[_address] == address(0) is cds[address(0)], but cds[address(0)] can be set to a non-default value in the setCDS() function. Returning cds[address(0)] may return an address instead of returning address(0) or another value indicating there is no CDS for this address.

This issue is due to either a lack of a zero address check in the setCDS() function or a typo; it is unclear which.

Proof of Concept
The issue is this if statement branch in Registry.sol.
Recommended Mitigation Steps
A few solutions exist:
1. The setCDS() function should add a require statement like require(_address != address(0)) to include a zero address check to prevent cds[0] from being set to a non-default value.
2. The getCDS() function should use return address(0) instead of return cds[address(0)];. If this solution is chosen, the if/else statement can be removed entirely to save gas so that the only line of code in this function is return cds[_address];
3. If the if (cds[_address] == address(0)) check is to return a default value if no custom value has been set, then a separate variable containing a default value would be better than relying on the existing array.
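
The getter behaviour described in the report, next to the three proposed mitigations, as an added Solidity sketch that is not the project's Registry.sol. The setCDS() signature, the omitted access control, and the names RegistryAsReported, RegistryNoFallback, RegistryExplicitDefault, defaultCDS and setDefaultCDS are assumptions made for illustration.

```solidity
pragma solidity ^0.8.0;

// Behaviour as the report describes it. Sketch only: the setCDS signature is
// assumed and access control is left out.
contract RegistryAsReported {
    mapping(address => address) internal cds;

    function setCDS(address _address, address _cds) external {
        cds[_address] = _cds; // _address may be address(0)
    }

    function getCDS(address _address) external view returns (address) {
        if (cds[_address] == address(0)) {
            return cds[address(0)]; // non-zero after setCDS(address(0), x)
        } else {
            return cds[_address];
        }
    }
}

// Options 1 and 2 from the report: zero key rejected, no fallback branch.
contract RegistryNoFallback {
    mapping(address => address) internal cds;

    function setCDS(address _address, address _cds) external {
        require(_address != address(0), "zero address");
        cds[_address] = _cds;
    }

    function getCDS(address _address) external view returns (address) {
        return cds[_address]; // address(0) now always means "no CDS set"
    }
}

// Option 3: the default lives in its own variable (hypothetical name defaultCDS).
contract RegistryExplicitDefault {
    mapping(address => address) internal cds;
    address public defaultCDS;

    function setDefaultCDS(address _cds) external { defaultCDS = _cds; }

    function setCDS(address _address, address _cds) external {
        require(_address != address(0), "zero address");
        cds[_address] = _cds;
    }

    function getCDS(address _address) external view returns (address) {
        address custom = cds[_address];
        return custom == address(0) ? defaultCDS : custom;
    }
}
```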