Platform: Code4rena
Start Date: 26/05/2022
Pot Size: $75,000 USDT
Total HM: 31
Participants: 71
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 18
Id: 126
League: ETH
Rank: 56/71
Findings: 1
Award: $99.92
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xf15ers, BouSalman, Chom, Deivitto, Dravee, ElKu, FSchmoede, Funen, GimelSec, Hawkeye, MiloTruck, Picodes, SecureZeroX, SmartSek, TerrierLover, WatchPug, _Adam, asutorufos, berndartmueller, c3phas, catchup, cccz, cogitoergosumsw, cryptphi, csanuragjain, delfin454000, dipp, ellahi, gzeon, hansfriese, horsefacts, hyh, kirk-baird, minhquanym, oyc_109, pauliax, reassor, robee, sashik_eth, shenwilly, simon135, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s
99.9237 USDT - $99.92
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/Booster.sol#L123-L127 https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VoterProxy.sol#L62-L65 https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#L53-L57
The setter functions don't verify the address should not be equal to address(0). The protocol will be frozen if setXXX to address(0).
There are some setOwner or setFeeManager in the protocol. If the owner is set to address(0) accidentally, the contract will be frozen.
Boosters * setOwner VeAssetDepositor.sol * setFeeManager VoterProxy.sol * setOwner
None
Check address parameters != address(0)
#0 - solvetony
2022-06-15T17:10:44Z
Duplicate of #247 (#74 for booster, this is for voterProxy)
#1 - GalloDaSballo
2022-07-25T00:34:04Z
I fail to see how the set of contracts would stop working when setting certain roles to address 0. You would still be able to withdraw and claim all rewards until that point.
Because of that I'm downgrading to QA