Platform: Code4rena
Start Date: 11/01/2023
Pot Size: $60,500 USDC
Total HM: 6
Participants: 69
Period: 6 days
Judge: Trust
Total Solo HM: 2
Id: 204
League: ETH
Rank: 37/69
Findings: 1
Award: $36.24
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CodingNameKiki
Also found by: 0x1f8b, 0x52, 0x5rings, 0xAgro, 0xSmartContract, 0xcm, 0xkato, 2997ms, Aymen0909, BClabs, BPZ, BRONZEDISC, Bauer, Bnke0x0, Deekshith99, IllIllI, Josiah, Kaysoft, RaymondFam, Rolezn, SaeedAlipoor01988, Tajobin, Udsen, Viktor_Cortess, adriro, arialblack14, betweenETHlines, btk, chaduke, chrisdior4, cryptphi, csanuragjain, cygaar, defsec, descharre, erictee, gzeon, hansfriese, horsefacts, joestakey, koxuan, lukris02, luxartvinsec, nicobevi, oyc_109, pavankv, peanuts, rbserver, scokaf, shark, tnevler, tsvetanovv, zaskoh
36.2377 USDC - $36.24
2.. Missing zero address check
a. The constructor in KYCRegistry.sol is missing a zero address check to ensure the DEFAULT_ADMIN_ROLE and REGISTRY_ADMIN roles are not set to address(0), which could lead to the KYCRegistry contract lose the ability to grant roles for KYCGroupRoles for adding addresses to KYC list
https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/kyc/KYCRegistry.sol#L51-L56
b.CashFactory constructor is missing a zero address check to ensure the governor is not set to address(0) which could lead to the contract not able to deployCash. https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/factory/CashFactory.sol#L53-L55
c. cCash.initialize() is missing a zero address check for underlying_ variable to the state variable underlying is not set to address(0).
https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/lending/tokens/cCash/CCash.sol#L31-L55
#0 - c4-judge
2023-01-23T14:22:00Z
trust1995 marked the issue as grade-c
#1 - c4-judge
2023-02-01T08:02:56Z
trust1995 marked the issue as grade-b