The constructor of the EtherCollateral smart contract does not check the validity of the addresses provided as input parameters.
It is possible to deploy an instance of the EtherCollateral contract with the synthProxy , sUSDProxy and depot addresses set to zero.
Similarly, the effective interest rate can be equal to zero if interestRate is set to any value lesser than 31536000 (SECONDS_IN_A_YEAR ), as interestPerSecond will be null.
Consider introducing require statements to perform adequate input validation.
- Sigma Prime Audit Synthetix Finding SEC-06
- Input Validation
- Constructor Parameters
- Zero Addresses
- Check Addresses