No Address zero check #352
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L94
Vulnerability details
Impact
The Global Variable is an immutable state variable that cannot be changed after deployment, wrongly setting the address can have a great effect on the performance of the protocol.
Proof of Concept
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L94
Tools Used
Recommended Mitigation Steps
A proper check should be done on the address pass in the constructor to make sure address zero is not passed at the point of deployment, this will help to avoid spending extra deployment cost if address 0 is passed as the Admin might want to correct the error by deploying another contract:
The text was updated successfully, but these errors were encountered: