Platform: Code4rena
Start Date: 18/05/2023
Pot Size: $24,500 USDC
Total HM: 3
Participants: 72
Period: 4 days
Judge: LSDan
Id: 237
League: ETH
Rank: 59/72
Findings: 1
Award: $16.19
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ABA
Also found by: 0x4non, 0xHati, 0xMosh, 0xSmartContract, 0xWaitress, 0xhacksmithh, 0xnev, 0xprinc, Arabadzhiev, BLACK-PANDA-REACH, Deekshith99, Dimagu, KKat7531, Kose, LosPollosHermanos, MohammedRizwan, QiuhaoLi, RaymondFam, Rickard, Rolezn, SAAJ, Sathish9098, Shubham, SmartGooofy, Tripathi, Udsen, V1235816, adriro, arpit, ayden, bigtone, codeVolcan, d3e4, dwward3n, fatherOfBlocks, favelanky, jovemjeune, kutugu, lfzkoala, lukris02, matrix_0wl, minhquanym, ni8mare, parsely, pxng0lin, radev_sw, ravikiranweb3, rbserver, sces60107, souilos, tnevler, turvy_fuzz, yellowBirdy
16.1907 USDC - $16.19
Immutable address arguments provided to the constructor are missing zero address checks this could result in unexpected behavior when attempting to use the contract.
File: juice-buyback/contracts/JBXBuybackDelegate.sol
124: projectToken = _projectToken; 125: pool = _pool; 126: jbxTerminal = _jbxTerminal; 127: ... 128: weth = _weth;
Implement a zero address check using the require function and the != (inequality) operator with address(0).
Example:
// zero address check immutable contracts. require(_projectToken != address(0), "Invalid project token address"); require(_pool != address(0), "Invalid pool address"); require(_jbxTerminal != address(0), "Invalid terminal address"); require(_weth != address(0), "Invalid weth address"); // assign after successful zero address checks. projectToken = _projectToken; pool = _pool; jbxTerminal = _jbxTerminal; _projectTokenIsZero = address(_projectToken) < address(_weth); // no change as used for bool true/false weth = _weth;
#0 - c4-judge
2023-06-02T10:57:21Z
dmvt marked the issue as grade-b