Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

krkba - No zero address validation in setRewardsDistribution function #4

Closed
sherlock-admin opened this issue Jan 15, 2024 · 4 comments
Closed

krkba - No zero address validation in setRewardsDistribution function #4

sherlock-admin opened this issue Jan 15, 2024 · 4 comments
Assignees
@amshirif
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jan 15, 2024
edited by sherlock-admin2
Loading

krkba

medium

No zero address validation in setRewardsDistribution function

krkba

Summary

Vulnerability Detail

The setRewardsDistribution function does not validate the input address.

Impact

It can be a zero address, which leads to unexpected behavior.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/abstract/RewardsDistributionRecipient.sol#L42-L47

Tool used

Manual Review

Recommendation

The function should check that the address is not the zero address.
@amshirif amshirif self-assigned this Jan 16, 2024
@amshirif amshirif added Will Fix The sponsor confirmed this issue will be fixed Medium A valid Medium severity issue Sponsor Confirmed The sponsor acknowledged this issue is valid Reward A payout will be made for this issue labels Jan 16, 2024
@amshirif
Copy link

https://github.com/telcoin/telcoin-audit/pull/21

@amshirif amshirif removed the Reward A payout will be made for this issue label Jan 16, 2024
@github-actions github-actions bot added Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Excluded Excluded by the judge without consulting the protocol or the senior and removed Medium A valid Medium severity issue labels Jan 19, 2024
This was referenced Jan 19, 2024
Closed
Closed
Closed
@sherlock-admin2 sherlock-admin2 changed the title Perfect Stone Weasel - No zero address validation in setRewardsDistribution function krkba - No zero address validation in setRewardsDistribution function Jan 29, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Has Duplicates A valid issue with 1+ other issues describing the same vulnerability labels Jan 29, 2024
@nevillehuang
Copy link
Collaborator

Invalid, address zero checks are not valid based on sherlock rules

@sherlock-admin
Copy link
Contributor Author

The protocol team fixed this issue in PR/commit https://github.com/telcoin/telcoin-audit/pull/21.

@sherlock-admin
Copy link
Contributor Author

The Lead Senior Watson signed-off on the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amshirif amshirif

Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@amshirif @nevillehuang @sherlock-admin @sherlock-admin2