Skip to content
This repository has been archived by the owner on Jul 28, 2024. It is now read-only.

krkba - Admin can set to zero address. #8

Closed
sherlock-admin2 opened this issue Jan 25, 2024 · 0 comments
Closed

krkba - Admin can set to zero address. #8

sherlock-admin2 opened this issue Jan 25, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Jan 25, 2024
edited
Loading

krkba

medium

Admin can set to zero address.

krkba

Summary

There is lack of input validation in constructor.

Vulnerability Detail

When there is no zero address validation in timelock_ address , it can be set to zero and then in the line 37 the admin is set to timelock_ which is zero address.

Impact

Admin can set to zero address.

Code Snippet

https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegator.sol#L11
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegator.sol#L37

Tool used

Manual Review

Recommendation

Validate the input of timelock_.

Duplicate of #39
@github-actions github-actions bot added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jan 27, 2024
@sherlock-admin2 sherlock-admin2 changed the title Obedient Mustard Halibut - Admin can set to zero address. krkba - Admin can set to zero address. Jan 30, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jan 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2