no validation checks in ControllerV1.sol initialize function() #57
Labels
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
jayjonah8
Vulnerability details
Impact
In ControllerV1.sol in the initialize() function there are no validation checks on the passed in arguments before setting them to storage which can result in costly errors.
Proof of Concept
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/ControllerV1.sol#L33
Tools Used
Manual code review
Recommended Mitigation Steps
Add validation checks to addresses and the _oleWethDexData bytes argument.
The text was updated successfully, but these errors were encountered: