You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 28, 2024. It is now read-only.
When there is no zero address validation in timelock_ address , it can be set to zero and then in the line 37 the admin is set to timelock_ which is zero address.
krkba
medium
Admin can set to zero address.
krkba
Summary
There is lack of input validation in
constructor
.Vulnerability Detail
When there is no zero address validation in
timelock_
address , it can be set to zero and then in the line 37 the admin is set totimelock_
which is zero address.Impact
Admin can set to zero address.
Code Snippet
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegator.sol#L11
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegator.sol#L37
Tool used
Manual Review
Recommendation
Validate the input of
timelock_
.Duplicate of #39
The text was updated successfully, but these errors were encountered: