Canto v2 contest - sach1r0's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 28/06/2022

Pot Size: $25,000 USDC

Total HM: 14

Participants: 50

Period: 4 days

Judge: GalloDaSballo

Total Solo HM: 7

Id: 141

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 36/50

Findings: 1

Award: $43.47

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Canto

Findings Information

🌟 Selected for report: zzzitron

Also found by: 0v3rf10w, 0x1f8b, 0x29A, AlleyCat, Bnke0x0, Chom, Funen, JC, Lambda, Limbooo, Meera, Picodes, Sm4rty, TerrierLover, TomJ, __141345__, asutorufos, aysha, c3phas, cccz, defsec, fatherOfBlocks, grGred, hake, ignacio, ladboy233, mrpathfindr, oyc_109, rfa, sach1r0, samruna, slywaters, ynnad

Awards

43.4708 USDC - $43.47

Labels

bug

QA (Quality Assurance)

External Links

Link to GitHub issue

Lack of zero-address check

Details

It is important for critical functionalities to add zero-address check. Lack of zero-address check in the _setPendingAdmin function of GovernorBravoDelegate.sol may lead to loss of control to admin functionalities in the event of accidentally setting the parameter to address(0).

Mitigation

I suggest adding this require statement: require(newPendingAdmin != address(0));

Line of code

https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Governance/GovernorBravoDelegate.sol#L138-L150

#0 - GalloDaSballo
2022-08-13T23:36:23Z

Valid Low

Canto v2 contest - sach1r0's results

Execution layer for original work.

General Information

Findings Distribution

Researcher Performance

External Links

[Q-27] QA Report - $43.47

Findings Information

Awards

Labels

External Links

Lack of zero-address check

Details

Mitigation

Line of code

#0 - GalloDaSballo2022-08-13T23:36:23Z

#0 - GalloDaSballo
2022-08-13T23:36:23Z