Platform: Code4rena
Start Date: 01/07/2022
Pot Size: $75,000 USDC
Total HM: 17
Participants: 105
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 5
Id: 143
League: ETH
Rank: 69/105
Findings: 1
Award: $89.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xdanial, 0xf15ers, Bnke0x0, Ch_301, Chandr, Chom, Funen, GimelSec, Hawkeye, JC, Kaiziron, Lambda, Meera, MiloTruck, Noah3o6, Picodes, ReyAdmirado, Rohan16, Sm4rty, TerrierLover, TomJ, Waze, _Adam, __141345__, asutorufos, aysha, berndartmueller, brgltd, cccz, codexploder, defsec, delfin454000, djxploit, durianSausage, fatherOfBlocks, hake, horsefacts, hubble, jayfromthe13th, joestakey, jonatascm, m_Rassska, oyc_109, pashov, rajatbeladiya, rbserver, robee, sach1r0, sahar, samruna, simon135, svskaushik, zzzitron
89.271 USDC - $89.27
It is recommended to validate inputs for immutable state variables. The following parts need input validation.
owner state variable used in Ownable.sol
JBPrices.sol and JBDirectory.sol use Ownable.sol provided by OpenZeppelin. owner can be set to address(0) without a proper validation check, which leaves the contract without admins. If this is not expected, a validation check should be added for the arguments so that the owner state variable does not become 0.
_owner argument used for the new project
Callers can specify address(0) when creating a new project. If this causes unexpected behavior, a proper validation check should be added.
hasPermissions function returns true if an empty _permissionIndexes is provided
The hasPermissions function checks whether or not an operator has the permission to take certain actions pertaining to the specified domain. But if an empty _permissionIndexes is given, this function does not behave as expected and returns true.
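The empty-array behavior described above, shown as an added Solidity illustration that is not the audited project's code. The contract name, the bitmap storage layout and the two function names are assumptions made for this example; the strict variant fails closed when _permissionIndexes is empty.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Illustrative contract with hypothetical names; not the audited project's code.
contract PermissionStoreExample {
    error PERMISSION_INDEX_OUT_OF_BOUNDS();

    // Assumed layout: operator => account => domain => 256-bit permission bitmap.
    mapping(address => mapping(address => mapping(uint256 => uint256))) public permissionsOf;

    // The caller grants an operator a packed set of permissions within a domain.
    function setPermissions(address _operator, uint256 _domain, uint256 _packed) external {
        permissionsOf[_operator][msg.sender][_domain] = _packed;
    }

    // Loose form: with an empty array the loop body never runs, so execution
    // falls through to `return true` even for an operator with no permissions.
    function hasPermissionsLoose(
        address _operator,
        address _account,
        uint256 _domain,
        uint256[] calldata _permissionIndexes
    ) external view returns (bool) {
        for (uint256 _i = 0; _i < _permissionIndexes.length; _i++) {
            if (!_isSet(_operator, _account, _domain, _permissionIndexes[_i])) return false;
        }
        return true;
    }

    // Strict form: an empty request grants nothing; otherwise every index must be set.
    function hasPermissionsStrict(
        address _operator,
        address _account,
        uint256 _domain,
        uint256[] calldata _permissionIndexes
    ) external view returns (bool) {
        if (_permissionIndexes.length == 0) return false;
        for (uint256 _i = 0; _i < _permissionIndexes.length; _i++) {
            if (!_isSet(_operator, _account, _domain, _permissionIndexes[_i])) return false;
        }
        return true;
    }

    // Reads one bit of the bitmap; indexes above 255 cannot exist in a uint256.
    function _isSet(address _operator, address _account, uint256 _domain, uint256 _index) private view returns (bool) {
        if (_index > 255) revert PERMISSION_INDEX_OUT_OF_BOUNDS();
        return ((permissionsOf[_operator][_account][_domain] >> _index) & 1) == 1;
    }
}
```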
Return variables are defined in the following functions, but they are not necessary since the functions use a return statement.