Platform: Code4rena
Start Date: 29/04/2021
Pot Size: $30,000 USDC
Total HM: 3
Participants: 6
Period: 6 days
Judge: cemozer
Total Solo HM: 2
Id: 7
League: ETH
Rank: 6/6
Findings: 1
Award: $535.72
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xRajeev
Also found by: toastedsteaksandwich
669.6429 BLO - $133.93
401.7857 USDC - $401.79
toastedsteaksandwich
The _setCompAddress() function in the Comptroller contract was missing validation to prevent the administrator from setting the comp address to the zero address. Any contracts that use the comp address may face adverse effects if the address is set to the zero address. While an administrator could set the comp address to the zero address by accident or on purpose, this was considered unlikely and as such the risk is considered negligible.
https://github.com/code-423n4/2021-04-basedloans/blob/main/code/contracts/Comptroller.sol#L1354
Validate that the passed in _comp address is not the zero address by adding a requirement, such as require(_comp != address(0)).
#0 - ghoul-sol
2021-05-05T16:26:56Z
Added to our backlog for future refactoring, thanks!